Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

contents of the logon-control ACL- ClearPass integration with Aruba

  • 1.  contents of the logon-control ACL- ClearPass integration with Aruba

    Posted Mar 07, 2013 03:19 PM

    Hi all,

     

    In Step 4 of p. 18 in "TechNote 1.1 - Aruba Wireless and ClearPass 6 Integration Guide.pdf", where we are creating a new pre-logon role for ClearPass on the Aruba Controller, it says,

     

    Select the radio button for “Choose From Configured Policies” and select the policy called “logon-control (session)”.

     

    I'm running 6.1.3.7 and do not seem to have that ACL. Could someone please look on their controller and tell me what the contents of this ACL are?

     

    Thanks,

    Mike

     



  • 2.  RE: contents of the logon-control ACL- ClearPass integration with Aruba
    Best Answer

    Posted Mar 07, 2013 04:59 PM

    The default logon-control ACL is as follows:

     

    ip access-list session logon-control
    user any udp 68 deny
    any any svc-icmp permit
    any any svc-dns permit
    any any svc-dhcp permit
    any any svc-natt permit

     

     

    You may or may not need it depending on your other ACLs and what you want for pre-logon.  

     



  • 3.  RE: contents of the logon-control ACL- ClearPass integration with Aruba

    Posted Mar 11, 2013 03:47 PM
    Perfect thanks!

    Mike


  • 4.  RE: contents of the logon-control ACL- ClearPass integration with Aruba

    Posted Oct 21, 2017 05:37 PM

    Hi everyone,

     

    I have a query:

     

    I have done 802.1X authentication using EAP-PEAP-MSCHAPv2, with Aruba ClearPass as the authentication server and an Aruba Mobility Controller.

    I integrated my AD with ClearPass and downloaded the certificate from AD CS to the controller. I gave the default enforcement profile and enforcement policy.

     

    Authentication is working fine and I could see in the Access Tracker that the domain PC is authenticated.

    But the problem is I don't have a PEFNG license on my controller, and as a result I cannot create a user role on my Aruba controller. So after authentication I can see that the users are falling into the GUEST role, and these users are not able to access internal servers, shared folders or the internet.

    They can ping the internal resources but are not able to access them.

     

    What might be causing the issue?

     

    Is there any way to create a user role and access lists for this user in Aruba ClearPass and enforce it on the 802.1X SSID, so that I can get away without purchasing the PEFNG license?

     

    Any suggestions or advice would be really helpful, as my manager is eating my head over this.

     

    Thank you.



  • 5.  RE: contents of the logon-control ACL- ClearPass integration with Aruba

    Posted Oct 22, 2017 06:44 PM
    You can either return it from ClearPass or assign it under aaa profile / the default 802.1X role “authenticated” role.
