ClearPass and CX Switch Authentication with ubt tunneling

@nafithsalama
This video builds on the MAC authentication with Local User Role video.
It goes one step further by creating a GRE tunnel between the switch and the gateway (Mobility Controller).
The enforcement policy triggers the enforcement profile (the action) that assigns the locally created role, which in turn dictates the tunnel establishment.
00:00 Introduction
01:57 Mobility Controller preparation and verification
05:13 ubt zone and transit VLAN configuration
07:01 ubt settings verification
10:26 Define Firewall role on the mobility controller
12:10 Defining Local User Role on the switch
***CX switch configuration and verification***
radius-server host 10.254.1.32 key plaintext aruba123
aaa group server radius cppm
server 10.254.1.32
exit
aaa accounting port-access start-stop interim 5 group cppm
!! replay-protection should be kept enabled in real production
radius dyn-authorization client 10.254.1.32 secret-key plaintext aruba123 replay-protection disable
radius dyn-authorization enable
!!! enable radius tracking
radius-server tracking user-name cx-radius-track password plaintext aruba123
radius-server host 10.254.1.32 tracking enable
!!! MAC authentication global
aaa authentication port-access mac-auth radius server-group cppm
aaa authentication port-access mac-auth enable
!!! Create client VLAN 11
vlan 11
!!! assign a role (this one is without tunneling)
port-access role employee
vlan access 11
exit
!!! Interface MAC authentication
interface 1/1/8
no routing
vlan access 11
aaa authentication port-access mac-auth
enable
exit
show aaa authentication port-access mac-auth interface 1/1/8 client-status
show mac-address-table
show aaa accounting port-access interface all client-status
show port-access role
show aaa authentication port-access interface all client-status
show radius dyn-authorization client 10.254.1.32
!! define ubt zone
ubt zone mc
primary-controller 10.1.30.10
Invalid input: 10.1.30.10
enable
port-access ubt-fallback-role [ROLE-NAME]
show ubt
show ubt state
!! Create the port-access role and map the ubt zone to the local user role
port-access role employee
gateway-zone zone mc gateway-role authenticated
exit
*** mobility controller configuration and verification ***
!! the mobility controller needs three license types (AP, PEF and RFP) for the tunneling to work
show license
firewall
dpi
show tunneled-node-mgr tunneled-node
show license-usage
show datapath-tunnel
user-role mc-employee
access-list session allowall
vlan 31
show configuration pending
show rights
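As an added example (not from the video or its author), a small Python audit that walks the CX commands above and flags the points the description itself calls out: replay-protection disabled on the CoA client, dynamic authorization not enabled, a ubt zone with no ubt-fallback-role, a port-access role mapped to a zone that is not defined, and secrets entered with the plaintext keyword. The sample config is constructed from the commands on the page (the primary-controller line is left out); the checks assume the role/zone/exit context structure shown there.

```python
import re

# Constructed sample (not a switch capture): the CX commands from the description,
# with the lab's replay-protection setting and one role that has no tunnel mapping.
SAMPLE_CONFIG = """\
radius-server host 10.254.1.32 key plaintext aruba123
radius dyn-authorization client 10.254.1.32 secret-key plaintext aruba123 replay-protection disable
radius dyn-authorization enable
ubt zone mc
enable
exit
port-access role employee
vlan access 11
gateway-zone zone mc gateway-role authenticated
exit
port-access role guest
vlan access 11
exit
"""

def audit_cx_ubt_config(text):
    findings, zones, roles, ctx = [], set(), {}, None
    fallback_role = coa_enabled = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                       # blank or comment line
        if line == "exit":
            ctx = None                     # leave the current sub-context
        elif m := re.match(r"ubt zone (\S+)", line):
            zones.add(m.group(1))
        elif m := re.match(r"port-access role (\S+)", line):
            ctx = m.group(1)
            roles[ctx] = None              # local role: no tunnel unless mapped below
        elif ctx and (m := re.match(r"gateway-zone zone (\S+) gateway-role", line)):
            roles[ctx] = m.group(1)        # role traffic is tunneled to this zone
        elif line.startswith("port-access ubt-fallback-role"):
            fallback_role = True
        elif line == "radius dyn-authorization enable":
            coa_enabled = True
        elif line.startswith("radius dyn-authorization client") and "replay-protection disable" in line:
            findings.append(("HIGH", "CoA client: replay-protection disabled"))
        if " plaintext " in line:          # secret typed in the clear (key, secret-key, password)
            findings.append(("INFO", "plaintext secret: " + line.split(" plaintext ")[0]))
    for role, zone in roles.items():
        if zone and zone not in zones:
            findings.append(("HIGH", f"role {role} maps to undefined ubt zone {zone}"))
    if zones and not fallback_role:
        findings.append(("MEDIUM", "ubt zone configured but no port-access ubt-fallback-role"))
    if not coa_enabled:
        findings.append(("MEDIUM", "radius dyn-authorization disabled: ClearPass CoA is not processed"))
    return findings, roles                 # findings: list of (severity, message)
```

Run it against a `show running-config` dump; the role map shows which roles are local-VLAN only (None) and which are tunneled.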