09-28-2019 04:34 AM
Hi, we're interested in dynamic segmentation but we have lots of 2530/2540/Cisco switches in different buildings we'd not like to replace right away. Is it possible to implement dynamic segmentation at the aggregation level and use the current L2 switches behind a 2930/3810 switch?
Can we for example map VLANs to different GRE tunnels and roles on the MC or is it possible to just have the traffic pass through the current switches and have multiple users authenticate on each aggregation switch port?
09-28-2019 12:27 PM
You cannot do this.
Dynamic segmentation works at the port level and if you can put a switch in front of that enforcement point, devices on that Cisco switch will be able to talk to each other, unfortunately. That will ruin the "segmentation" portion of dynamic segmentation.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Re: Implementing dynamic segmentation without replacing all the switches
09-29-2019 04:24 AM
If the clients can talk to each other in the same VLAN we can live with that, as this is how it currently is. I'm hoping to map the VLANs to different roles to get the segmentation started, and then go deeper each time we replace older switches.
09-29-2019 07:37 AM - edited 09-29-2019 07:39 AM
The tunneling function must be supported by the switch ASIC. Currently only the switches below support tunneled node (port / user based).
Port based: 2920, 3800, 3810, 5400R, 2930M, 2930F.
User based: 2930F, 2930M, 5400R, 3810.
You can start with downloadable or programmable ACLs via RADIUS attribute on the currently installed switches, and move over to user-based tunneling when you start replacing switches.
- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -