I'm using RADIUS for port security in my environment on publicly accessible ports (meeting rooms, etc.). We have HP ProCurve switches, and Aruba ClearPass is handling the authentication requests (with Active Directory DCs on the back end).
It's set up to default to a guest VLAN (which has no routing into our production VLAN, only out to the internet) and then switch to the production VLAN with a successful AD authentication.
In the meeting rooms we have fixed laptops, and I'm currently having a problem: when the laptops have been logged out for longer than the "unauth" period (60 seconds currently), they get kicked back onto the guest VLAN. Then users whose credentials aren't currently cached on these laptops aren't able to reach the DC to log in on the laptop.
I'm not sure how to solve this exactly. I'm reluctant to give one of the DCs an interface in the guest VLAN because I'm not sure about the security implications. What else could I do?
0 Answers
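For reference, the port setup the question describes, written out as a ProCurve 802.1X configuration. This is an added illustration and not the poster's actual configuration; the RADIUS server address and key, the port range (1-12) and the VLAN IDs (guest VLAN 200, production VLAN 100) are assumptions.

```text
! Assumed ClearPass address and shared secret (illustrative values)
radius-server host 10.0.0.10 key ExampleSharedSecret
aaa authentication port-access eap-radius

! Meeting-room ports 1-12 (assumed range)
aaa port-access authenticator 1-12

! Guest VLAN: where an unauthenticated client lands (assumed VLAN 200)
aaa port-access authenticator 1-12 unauth-vid 200

! Production VLAN assigned after a successful AD authentication (assumed VLAN 100)
aaa port-access authenticator 1-12 auth-vid 100

! Seconds a port waits for a supplicant before falling to unauth-vid;
! this is the 60-second "unauth" period the question refers to
aaa port-access authenticator 1-12 unauth-period 60

aaa port-access authenticator active
```

The `unauth-period` only delays the move to the guest VLAN; it does not keep a logged-off laptop authenticated. The usual way to keep a domain-joined fixed laptop on the production VLAN between logins is to let the machine itself authenticate: on Windows, set the wired 802.1X profile's authentication mode to "User or computer authentication" so the computer account authenticates after logoff, and allow that computer account in ClearPass. The DC then stays out of the guest VLAN entirely.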