Thanks mflowers, everything went well with DUR. When we switched from Cisco Downloadable ACLs to switches to Aruba with DUR, everything worked fine, no reports.
Original Message:
Sent: May 14, 2024 11:45 AM
From: Mflowers@beta.team
Subject: Aruba CX ACLs with Clearpass
Here you go:
class ip all
    10 match any any any
class ipv6 all
    10 match any any any
port-access policy allow-all
    10 class ip all
    20 class ipv6 all
port-access role MGMT
    description MGMT
    associate policy allow-all
    auth-mode client-mode
    client-inactivity timeout none
    stp-admin-edge-port
    vlan access XXX
Original Message:
Sent: May 09, 2024 11:02 PM
From: cdelarosa
Subject: Aruba CX ACLs with Clearpass
I'm maybe asking this in the wrong forum, I should ask this on the ClearPass forum maybe.
I'll ask there and if I get an answer I will get back here with it.
Original Message:
Sent: May 08, 2024 05:52 PM
From: kworth
Subject: Aruba CX ACLs with Clearpass
I can't quite tell from this thread whether you're managing these attributes from ClearPass Policy Manager or your own RADIUS server (subject mentions ClearPass, first post mentions RADIUS). RADIUS servers of course may vary in how attributes are managed or configured. If you are using CPPM, we may need a ClearPass expert to weigh in regarding the specifics of the UI/UX for managing these attributes.
Original Message:
Sent: May 07, 2024 11:47 PM
From: cdelarosa
Subject: Aruba CX ACLs with Clearpass
Hello, thanks for the post.
I tried NAS filter rule and it works fine. The problem we have with it is that if I want to change the rules, it is not that I can move the rules or something like
For example:
If I have this
NAS-Filter-Rule = permit in ip from any to x.x.x.x/24
NAS-Filter-Rule = permit in ip from any to y.y.y.y/24
NAS-Filter-Rule = deny in ip from any to 10.0.0.0/8
NAS-Filter-Rule = permit in ip from any to any
and I needed to add something like this:
NAS-Filter-Rule = permit in ip from any to x.x.x.x/24
NAS-Filter-Rule = permit in ip from any to y.y.y.y/24
NAS-Filter-Rule = permit in ip from any to z.z.z.z/24
NAS-Filter-Rule = deny in ip from any to 10.0.0.0/8
NAS-Filter-Rule = permit in ip from any to any
I would need to delete
NAS-Filter-Rule = deny in ip from any to 10.0.0.0/8
NAS-Filter-Rule = permit in ip from any to any
then add NAS-Filter-Rule = permit in ip from any to z.z.z.z/24 and add the other 2 lines.
Now imagine this scenario in a really long ACL?
This is not like with the downloadable ACL of Cisco, where I had a box I could just edit.
Is there something like the downloadable ACL for Aruba CX, or is this the only thing I have?
In my scenario I don't have a gateway to do UBT and manage it with a gateway, so that's not possible.
Let me know if there is a way to go around this, or manage it in another way?
Thanks
Carlos
Original Message:
Sent: Mar 27, 2024 04:45 PM
From: kworth
Subject: Aruba CX ACLs with Clearpass
You may be interested in checking out the Port Access Policy section of the AOS-CX Security guide (example for release 10.12) which offers some ways to obtain policies for authenticated users either locally, via RADIUS attributes, or from a ClearPass Policy Manager server.
Original Message:
Sent: Mar 20, 2024 02:04 PM
From: cdelarosa
Subject: Aruba CX ACLs with Clearpass
Hello everyone
I was wondering if I could download the Aruba CX switches ACL with RADIUS IETF NAS-Filter-Rule just like I do with Aruba OS?
Also, I wonder if the syntax I was using with Cisco with the downloadable ACL will work, for example this one:
permit ip any host x.x.x.x
permit ip any host y.y.y.y
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
Thanks
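
An added example, not part of the thread and not Aruba or Cisco tooling: a Python converter that translates Cisco dACL entries of the kind shown in the first post into NAS-Filter-Rule values of the form shown in the May 07 reply, preserving rule order. It assumes only `permit|deny ip any <any | host A | A wildcard>` entries (no ports or other protocols); the function names are hypothetical and the addresses in `SAMPLE` are constructed.

```python
import ipaddress

# Hypothetical helper names; constructed sample input (documentation addresses).
SAMPLE = """\
permit ip any host 192.0.2.10
permit ip any host 198.51.100.20
deny ip any 10.0.0.0 0.255.255.255
Permit IP any any
"""

def wildcard_to_prefix(wildcard: str) -> int:
    """Convert a Cisco wildcard mask such as 0.255.255.255 to a prefix length."""
    host_bits = int(ipaddress.IPv4Address(wildcard))
    # Only a contiguous run of low-order 1 bits (2**n - 1) maps to a prefix.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return 32 - host_bits.bit_length()

def cisco_ace_to_nas_filter_rule(ace: str) -> str:
    """Translate one 'permit|deny ip any <dst>' entry to a NAS-Filter-Rule value."""
    tokens = ace.lower().split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {ace!r}")
    action, proto, src, dst = tokens[0], tokens[1], tokens[2], tokens[3:]
    if proto != "ip" or src != "any":
        raise ValueError(f"only 'ip any' entries are handled: {ace!r}")
    if dst == ["any"]:
        target = "any"
    elif len(dst) == 2 and dst[0] == "host":
        target = str(ipaddress.IPv4Network(f"{dst[1]}/32"))
    elif len(dst) == 2:
        prefix = wildcard_to_prefix(dst[1])
        # strict=False clears host bits in the address, as the wildcard implies.
        target = str(ipaddress.IPv4Network(f"{dst[0]}/{prefix}", strict=False))
    else:
        raise ValueError(f"unsupported destination: {ace!r}")
    return f"{action} in ip from any to {target}"

def convert_acl(text: str) -> list[str]:
    """Convert a whole ACL, keeping the original top-to-bottom order."""
    return [cisco_ace_to_nas_filter_rule(line)
            for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for rule in convert_acl(SAMPLE):
        print(f"NAS-Filter-Rule = {rule}")
```

Keeping the ACL in an editable text file and regenerating the full ordered attribute list from it avoids hand-reordering individual NAS-Filter-Rule lines.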