2024-05-30

ClearPass Enforcement Profile Generator for Egress-VLAN-ID Attribute

Intro

During the last couple of years and many ClearPass projects, I had to deal with multi-vendor environments quit often. And as the ClearPass Policies are best kept simple it is somewhat good practice to use the IETF Attributes as much as possible. For our typical untagged VLAN enforcement this is easy.
But what about tagged VLANs for VoIP phones or Access Points? 
 

2023-01-08

Viewing all Ekahau APs/Antennas in 3D


We all know the struggle: You are looking at an Antenna Diagram and now you have to imagine what this antenna pattern will look like in the real world - in 3D. 

 

In this post I will show you, how you can view all APs and external antennas that are shipped with Ekahau in a 3D viewer!

 

 

 

 

 

 

 

 

 

2021-11-29

ClearPass, Read-only Domain Controller (RODC) and PEAP-MSCHAPv2

Today we're having a look at how to use a ClearPass Subscriber with a Read-Only Domain Controller.
This setup is typically for branch offices where the Activate Directory and NAC services should be hosted locally to overcome WAN failures. 

 

This post will primarily cover the "AD status:No trusted SAM account (0xc000018b)" error, when using PEAP-MSCHAPv2.

2021-04-25

Aruba Instant Mesh for point-to-point links


In this post I will explain my best practices in using Aruba APs as an point to point link. This is based on using Aruba Instant in version 8.4 or higher. This will not cover meshing in a controller based environment. 

 
I wrote this post, because in the last month I had a few customer facing problems with their point to point Access Point links. None of these problems were with the APs or Instant itself, but with the network environment or circumstances they were working in. My best practices below fix these problems.
These recommendations are applicable to all APs running Instant OS 8.4 or higher including the AP-387 with it's 60GHz 802.11ad radio. 


2021-04-18

Homelab setup - part 2 - software

In this second part of my homelab series I will tell you about the software configurations used to remote access my lab and features like remote power toggle and remote console access.
Features and software used are Palo Alto Global Protect (Client VPN), Apache Guacamole, ser2net, and one cURL call for controlling the Philips Hue power socket.  


You can read the first part about the hardware setup here.

2021-04-11

Homelab setup - part 1 - hardware

Today I will share some details about the hardware in my private test setup.

I had a few key features in mind before building this setup:

  • rack mounted (in the past everything was laying around on my desk)
  • self contained (only one power cord and one uplink should leave the rack)
  • remote access to console interfaces
  • remote power toggle for some equipment
  • remote access