Security

 View Only
last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Profiling not working with Aruba CX

This thread has been viewed 16 times

  • 1.  Clearpass Profiling not working with Aruba CX

    Posted 14 days ago

    Hi all

    We have an environment with Aruba OS and CX Switches.

    We noticed that Devices that connect to the CX Switches aren't getting Profiled by Clearpass.

    Profiling is configured with CoA (15 seconds delay).

    Did you have similar experience with it? Does someone has an solution for that?

    Thanks and regards



  • 2.  RE: Clearpass Profiling not working with Aruba CX

    EMPLOYEE
    Posted 14 days ago

    What did you configure on the CX switch to enable profiling? Do you have IP helpers to ClearPass in each VLAN? And can 'unknown' or clients that should not get access have at least do a DHCP, which then is forwarded to ClearPass for profiling? 



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: Clearpass Profiling not working with Aruba CX

    Posted 14 days ago

    On the Switches we have the vlans and a separate profiling VLAN. 

    Clients will get placed in that vlan and there is also the IP helper that points to the cppm (this works if I manually place a device in that vlan).

    If the vlan gets assigned through the enforcement role (device - is profiled - no) with the CoA the profiling doesn't work. Also if the default role is changed to the profiling vlan new devices are not profiled and just stay there.


    Original Message


  • 4.  RE: Clearpass Profiling not working with Aruba CX

    EMPLOYEE
    Posted 13 days ago

    If you have a client assigned to your profiling VLAN, what is at that point the output of 'show port-access clients interface 1/1/3 detail' (if the client is in interface 1/1/3; change it to the actual interface)?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message