Security

  • 1.  Aruba AOS SW + CPPM with MACSEC

    Posted Oct 20, 2022 03:45 AM
    Hello all,

    I have a lab with an Aruba 3810, a ClearPass server and a Windows machine. I'd like to test 802.1X-2010 but I cannot see the way to enable it, and I understand that I could simulate it by enabling MACsec. The problem is that I don't have a clear vision of how I can enable it on access ports in combination with EAP-TLS to authenticate Windows computers.

    Could you help me please? Any idea?

    Thanks!!!!!

    ------------------------------
    tech_sec
    ------------------------------


  • 2.  RE: Aruba AOS SW + CPPM with MACSEC

    Posted Oct 20, 2022 07:29 AM
    So according to this: https://1.ieee802.org/802-1x-2010/

    Looks like 802.1X-2010 is just EAP authentication with MACsec?  The first question to ask is what supplicant you are going to use on the endpoint?  Windows does not support MACsec natively.


  • 3.  RE: Aruba AOS SW + CPPM with MACSEC

    Posted Oct 20, 2022 07:42 AM
    Thanks for your answer, ahollifield, and good question. I know it, but I'm thinking about using a third-party supplicant; I have to investigate which one...

    ------------------------------
    tech_sec
    ------------------------------



  • 4.  RE: Aruba AOS SW + CPPM with MACSEC

    Posted Oct 20, 2022 08:26 AM
    Cisco AnyConnect/Secure Client Network Access Manager (NAM) is the one I see deployed most often.  It is usually deployed with ISE deployments but there is zero reason why it wouldn't work with ClearPass.  You do need licensing for it though, it isn't free.


  • 5.  RE: Aruba AOS SW + CPPM with MACSEC

    Posted Oct 20, 2022 12:17 PM
    Yes, we have AnyConnect in our company and I saw that you can create a network profile with specific supplicant configurations, so it would be a suitable choice for us.

    But I'm stuck at the same point: I've not found any configuration example/guide to deploy it on edge ports and integrate with a supplicant in combination with EAP-TLS. All the documents which I've found are related to trunks between two Aruba switches to encrypt the traffic between these two devices.

    Do you have any info about this specific scenario?

    Thanks in advance!!

    ------------------------------
    tech_sec
    ------------------------------