12-05-2019 02:57 AM
Hello , We have a requirement
In our network , we only have data vlan
we have configured NAC on all the wired network for few sites .
We have configured the 2 CPPM servers primary and secondary in the config
The requirement is if both the cppm servers become unreachable , the access port should fall to default data vlan .
We cant create a separate critical vlan on each site due to budget issues for network people .
Can we use the data vlan as the critical vlan
Our 95% environment is HPE Switch 5130
and 5 % cisco 9300
Re: Critical vlan
12-06-2019 01:14 AM
I can't see a reason why not, besides that is may not be desirable from a security standpoint to 'fail open' in the data VLAN. Attackers may trigger a failure, thereby bypassing your security. 'Fail open' / 'fail closed' is always a decision that needs to be made based on most times conflicting security and availability requirements. There is no universal answer to the question if you need to fail open or closed.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).