Security

Issue with IP-based Access Control on Alcatel Switch using ClearPass 6.11

Basically, I am using Aruba ClearPass 6.11 with an Alcatel switch.

On the Alcatel switch, standard ACLs are not working as expected. The switch only supports port-based allow and deny actions.

Currently, we have created two Enforcement Profiles in ClearPass:

Allow Access

Deny Access

This setup is working fine for port-level control.

However, my requirement is to deny access for specific IP addresses instead of blocking the entire port.

Since IP-based ACL enforcement is not supported on this Alcatel switch,

is there any alternative way in ClearPass to deny access based on specific IPs (for example, using roles, downloadable policies, or any other method)?

Any guidance or best practices would be appreciated.

-------------------------------------------

it comes down to what can the Alcatel switch support. You can check Alcatel RADIUS dictionaries to see what you can use.

Administration » Dictionaries » RADIUS 

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------

Hi.

I quickly check Alcatel dictionary. Not much you can do. The only option is to redirect vlan traffic over firewall and do the rules there.

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Guru 2025
------------------------------

Original Message:
Sent: Jan 29, 2026 08:28 PM
From: ariyap
Subject: Issue with IP-based Access Control on Alcatel Switch using ClearPass 6.11

it comes down to what can the Alcatel switch support. You can check Alcatel RADIUS dictionaries to see what you can use.

Administration » Dictionaries » RADIUS 

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------