Dell Powerconnect W-ClearPass Virtual Appliances Tech Note

ClearPass Policy manager Cisco Switch Setup with CPPM

Technical Note

Copyright
© 2012 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550
ClearPass Policy manager Cisco Switch Setup with CPPM | December 2012
Contents
Audience
Typographic Conventions
Contacting Support
1. Introduction
Assumptions
Requirements
Audience
2. Switch Configuration
3. 802.1x Service Setup
4. Cisco Downloadable ACL (DACL)
5. MAC Authentication Service Setup
6. Adding a Network Device (Switch)
7. Adding a Test User Account
8. Testing the 802.1x Service with Access Tracker
9. Testing the MAC Authentication Service with Access Tracker
10. Troubleshooting
Figures
Figure 1 CPPM Enforcement Profiles
Figure 2 Adding a new 802.1x Enforcement Profile
Figure 3 802.1x Enforcement Profile Attributes tab
Figure 4 Configuring the VLAN as Value 999
Figure 5 Tunnel-Private-Group-Id value is set to 999.
Figure 6 Adding a Cisco ACL (DACL) Enforcement Profile
Figure 7 Adding Enforcement Policies
Figure 8 Adding Enforcement Policy profile properties
Figure 9 Creating the 802.1x Wired Service
Figure 10 Selecting the Authentication Sources: [Local User Repository]
Figure 11 802.1x Wired Service Enforcement properties
Figure 12 Reorder Services list
Figure 13 Adding a non-802.1x MAC authentication Service
Figure 14 Configuring a non-802.1x MAC Authentication Method and Authentication Source
Figure 15 Reordering a non-802.1x MAC authentication Service
Figure 16 Adding a TestRole user
Figure 17 Adding Local User properties
Figure 18 Testing a 802.1x Service Access Tracker
Figure 19 Populating an Access Tracker profile properties
Figure 20 Access Tracker window
Figure 21 A non-802.1x network device fails MAC Authentication Service
Figure 22 Configuring the Endpoints of a non-802.1x network device
Figure 23 Editing the Endpoint properties of a non-802.1x network device
Tables
Table 1 VLAN numbers
Preface

Audience

This ClearPass Policy manager Cisco Switch Setup with CPPM is intended for system administrators and people who are integrating Aruba Networks Wireless Hardware with ClearPass 6.0.1.

Typographic Conventions

The following conventions are used throughout this manual to emphasize important concepts.
Type Style: Description
Italics: Used to emphasize important items and for the titles of books.
Boldface: Used to highlight navigation in procedures and to emphasize command names and parameter options when mentioned in text.
Sample template code or HTML text: Code samples are shown in a fixed-width font.
<angle brackets>: When used in examples or command syntax, text within angle brackets represents items you should replace with information appropriate to your specific situation. For example: ping <ipaddr>. In this example, you would type “ping” at the system prompt exactly as shown, followed by the IP address of the system to which ICMP echo packets are to be sent. Do not type the angle brackets.

Contacting Support

Main Site: arubanetworks.com
Support Site: support.arubanetworks.com
Airheads Social Forums and Knowledge Base: community.arubanetworks.com
North American Telephone: 1-800-943-4526 (Toll Free), 1-408-754-1200
International Telephones: http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/
Software Licensing Site: https://licensing.arubanetworks.com/
End of Support information: www.arubanetworks.com/support-services/end-of-life-products/end-of-life-policy/
Wireless Security Incident Response Team (WSIRT): http://www.arubanetworks.com/support-services/security-bulletins/
Support Email Addresses
Americas and APAC: support@arubanetworks.com
EMEA: emea_support@arubanetworks.com
WSIRT Email: wsirt@arubanetworks.com (Please email details of any security problem found in an Aruba product.)