Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Suggestions for user based tunneling fringe cases

  • 1.  Suggestions for user based tunneling fringe cases

    Posted 30 days ago

    Hello,

    We are in the process of deploying a new L3 network that uses user-based tunneling for both wired and wireless (CX 6300/6200 and ClearPass).

    I have, however, run into two fringe cases that I'm looking for some suggestions on how to handle that wouldn't result in having to use L2 or spending money on solving ;)

    #1: The key cabinet

    We have a key cabinet that seems to be the most passive/quiet appliance I've ever encountered.

    I have managed to get the switch to assign a role to the switch port during the cabinet's DHCP request, but because the cabinet is so passive after that, the port simply loses the role because nothing else happens (show mac-address commands on the switch port don't return any output even though I know it's still running).

    Can I somehow manually set which role/VLAN should be tunneled to the port?

    #2: The appliance cabinet

    We have a bunch of appliance cabinets from which, for example, heating and ventilation is managed.

    These cabinets are more often than not connected to our managed switches via an unmanaged switch, to which the facility people connect whatever other appliance the cabinet is supposed to manage.

    These unmanaged switches are where I am running into problems.

    The question is mostly the same as in the first case: can I set in ClearPass (or on the port itself, I guess) the VLAN that I want tunneled to the port in access/native mode without having to then tag the VLAN to every switch that has one of these appliance cabinets?



  • 2.  RE: Suggestions for user based tunneling fringe cases

    EMPLOYEE
    Posted 29 days ago

    You can set the client-inactivity timeout to be none for the clients that are silent. This is for the CX switches.

    Now you can configure your CX switch for user-based tunneling (UBT) and assign it to a local user role which is applied permanently to a specific port.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------