Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor II

VLAN when clearpass is unavailible

Hello i have a question if clearpass becomes unavailible.

 

I have some specific clients that i want to put in a specific VLAN when clearpass is unreachable. Now im using DUR for the access points at this moment. 

 

So i tried the Critical VLAN feature locally on the switchport. But his is not allowed because i use User roles already.

 

Now i figured out that i can create another DUR with critical VLAN for this specific clients. Im still need to test if his is supported with DUR but it works with local role. 

 

Now my question is, Besides of the "special clients", what is the best way to configure a fallback option to a guest VLAN for all other clients when clearpass is unavailible? Can this be done in a global way (without overwrite of the specials )? 

 

I know about the fallback with "aaa authentication port-acces eap-radius authorized" But i guess this will put the client in de default VLAN, and i dont want to change this on all ports. 

So maybe i have to use the Auth-VID here. But is this the best way to do this in like a global role for all other clients?

 

Can you advise what is a solid solution for this?

Highlighted
Occasional Contributor II

Re: VLAN when clearpass is unavailible

Can someone advise here please?

Highlighted
MVP Guru Elite

Re: VLAN when clearpass is unavailible

Hi,

 

There is a option to set a default User Role when CPPM is not available (need a firmware with 16.08)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: VLAN when clearpass is unavailible

What is the name of this option? Any example commands?

Highlighted
MVP Guru Elite

Re: VLAN when clearpass is unavailible

it is Critical and Open Authentification => https://techhub.hpe.com/eginfolib/Aruba/16.08/5200-5488/index.html#GUID-03BAE3A7-D7DE-419F-8C30-C3512702294A.html



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: