Good day,
I have recently inherited a project working with EXOS X440 switches in an environment moving toward DACL management through ClearPass.
My current issue relates to the fact that I cannot seem to add traffic rules using standard IETF Deny IP NAS-Filter parameters. Here is the AAA config in the switch:
configure radius mgmt-access primary server (IPADDRESS SERVER) 1812 client-ip (Switch) vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "#$NCGjTl6wGExsOKZWj+w="
configure radius netlogin primary server (IPADDRESS SERVER) 1812 client-ip (Switch) vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$RZcQlN6swEz8dL2eLKM="
configure radius-accounting mgmt-access primary server (IPADDRESS SERVER) 1812 client-ip (Switch) vr VR-Default
configure radius-accounting mgmt-access primary shared-secret encrypted "#$YR5fvd2yGlKR18vK23U="
enable radius mgmt-access
enable radius netlogin
enable radius-accounting mgmt-access
enable radius-accounting netlogin
Right now, I have no problems with authentication via MAC, assigning a client VLAN, etc., but when trying to apply ACL rules I cannot determine, through logging or bashing my skull against it, where exactly I am going off the rails.
Here are the basics of the ACL I am attempting to apply:
1. Radius:IETF | NAS-Filter-Rule = permit in udp from any to any 53,67
2. Radius:IETF | NAS-Filter-Rule = permit in ip from any to 10.0.0.0/8
3. Radius:IETF | NAS-Filter-Rule = deny in ip from any to any
None of these rules appear to have any impact, even though I can see them being applied in clearpass output.
TL;DR: I can apply VLANs on the EXOS switch, but not ACL controls via Aruba ClearPass.
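As an added example (not from the original post, nor Extreme's or Aruba's own code), a small Python checker for the IETF NAS-Filter-Rule value syntax defined in RFC 4849: it parses the three rules quoted above, validates the prefixes and port lists, and flags any rule that an earlier "ip from any to any" catch-all would shadow. It only inspects the attribute strings themselves and assumes the "action dir proto from src [ports] to dst [ports]" subset of the grammar; the sample rule list is constructed from the post.

```python
import ipaddress
import re
# Constructed sample input: the three rules quoted in the post, in the order given.
RULES = ["permit in udp from any to any 53,67",
         "permit in ip from any to 10.0.0.0/8", "deny in ip from any to any"]
# Subset of the RFC 4849 grammar: action dir proto from src [ports] to dst [ports]
RULE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<dir>in|out)\s+(?P<proto>[a-z]+|\d+)\s+"
    r"from\s+(?P<src>\S+)(?:\s+(?P<sports>[\d,-]+))?\s+"
    r"to\s+(?P<dst>\S+)(?:\s+(?P<dports>[\d,-]+))?$"
)

def _ports(text):
    # '53,67' or '1024-65535' -> list of (low, high) tuples; [] when absent
    out = []
    for item in text.split(",") if text else []:
        low, high = int(item.split("-")[0]), int(item.split("-")[-1])
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range {item!r}")
        out.append((low, high))
    return out

def parse_rule(line):
    # Parse one NAS-Filter-Rule value into a dict; raise ValueError if malformed.
    if not (m := RULE_RE.match(line.strip())):
        raise ValueError(f"unparseable rule {line!r}")
    r = m.groupdict()
    for key in ("src", "dst"):  # 'any' -> None, otherwise must be a valid IP or prefix
        r[key] = None if r[key] == "any" else ipaddress.ip_network(r[key], strict=False)
    r["sports"], r["dports"] = _ports(r["sports"]), _ports(r["dports"])
    if (r["sports"] or r["dports"]) and r["proto"] not in ("tcp", "udp"):
        raise ValueError(f"ports given for non-TCP/UDP protocol in {line!r}")
    return r

def lint_rules(lines):
    # Findings: malformed rules, and rules an earlier 'ip from any to any' makes unreachable.
    findings, catch_all = [], None
    for n, line in enumerate(lines, 1):
        try:
            r = parse_rule(line)
        except ValueError as e:
            findings.append(f"rule {n}: {e}")
            continue
        if catch_all:
            findings.append(f"rule {n}: unreachable, shadowed by catch-all rule {catch_all}")
        elif r["proto"] == "ip" and r["src"] is None and r["dst"] is None:
            catch_all = n
    return findings
```

Running `lint_rules(RULES)` on the order in the post returns no findings; moving the deny rule to the top reports the two permit rules as shadowed.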