Wired Intelligent Edge


Config for 5400 series with NAC

  • 1.  Config for 5400 series with NAC

    Posted Mar 20, 2019 03:25 PM
    Hi all,

    I have some 5400 switches I’m going to use with certificate-based NAC. I believe there is a procedure to link the switch with ClearPass and then configure it to check for a certificate when a port is activated / plugged into?

    So do you just need to give the switch a valid certificate from your CA? Can it contain multiple certificates from different CAs?

    Any good links to help config this from the ClearPass / switch end?

    Thanks


  • 2.  RE: Config for 5400 series with NAC

    EMPLOYEE
    Posted Mar 20, 2019 03:48 PM
    Take a look at the ClearPass Solution Guide for Wired Policy Enforcement.


  • 3.  RE: Config for 5400 series with NAC

    Posted Mar 20, 2019 04:12 PM
    Thanks Tim,

    Just at a high level for my understanding:

    ClearPass - switch is added as a device within here and a policy ready for user upon successful 802.1X authentication?

    On the switch - valid certificate from our CA and some config to perform checks for each port?

    Can I disable the checks on certain ports?
    Can I have multiple certificates on my switch to account for people with different CA certs?

    Thanks


  • 4.  RE: Config for 5400 series with NAC
    Best Answer

    EMPLOYEE
    Posted Mar 20, 2019 05:35 PM
    The switch is not involved in the EAP transaction beyond encapsulating it into a RADIUS request.
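
The encapsulation described in the best answer, as an added example that is not part of the original thread and not HPE Aruba or ClearPass code: following RFC 3579, the authenticator copies the supplicant's EAP bytes unchanged into EAP-Message attributes and protects the packet with the RADIUS shared secret, never parsing any certificate. The function names, the sample EAP packet and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RFC 3579 attribute types
ACCESS_REQUEST = 1
MAX_VALUE = 253   # largest value a single RADIUS attribute can hold

# Constructed sample: EAP-Response (code 2), id 7, type 13 (EAP-TLS), 600 opaque bytes.
SAMPLE_EAP = struct.pack("!BBHB", 2, 7, 605, 13) + bytes(range(200)) * 3

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encapsulate_eap(eap_packet, secret, identifier, request_auth):
    """Authenticator (switch) side: wrap one EAP packet in an Access-Request.
    User-Name, NAS-Port and similar attributes are omitted for brevity."""
    # The EAP bytes are copied verbatim, only split to fit the attribute size.
    attrs = b"".join(attr(EAP_MESSAGE, eap_packet[i:i + MAX_VALUE])
                     for i in range(0, len(eap_packet), MAX_VALUE))
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed while the HMAC is computed
    packet = bytearray(struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
                       + request_auth + attrs)
    packet[-16:] = hmac.new(secret, packet, hashlib.md5).digest()
    return bytes(packet)

def extract_eap(packet):
    """RADIUS server side: reassemble the EAP packet from EAP-Message attributes."""
    eap, pos = b"", 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        if attr_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + length]
        pos += length
    return eap

def verify_message_authenticator(packet, secret):
    """Server-side integrity check; assumes the attribute is last, as built above."""
    expected = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

if __name__ == "__main__":
    pkt = encapsulate_eap(SAMPLE_EAP, b"constructed-secret", 1, bytes(16))
    print(len(pkt), extract_eap(pkt) == SAMPLE_EAP,
          verify_message_authenticator(pkt, b"constructed-secret"))
```

The only secret the authenticator side uses here is the RADIUS shared secret; the TLS material inside the EAP payload passes through untouched and is evaluated by the RADIUS server.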


  • 5.  RE: Config for 5400 series with NAC

    Posted Mar 20, 2019 06:30 PM
    Thanks Tim