Reference Guide

2. Switch Configuration
The first step is to perform the switch configuration. It is assumed that VLAN1 has been created for the
switch with a correlating network-accessible IP address. This IP address must communicate with the
CPPM Data IP address (unless a single IP address is configured in CPPM, in which case it is the
management IP address).
Verify the switch can ping CPPM:
CPPM-Demo-3750# ping 192.168.99.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.99.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
CPPM-Demo-3750#
In the event an error is received, verify the correct ip default-gateway is set and that the firewall is not
blocking the switch-to-CPPM communication.
Enable the new access control commands and functions, to include advanced features, using the
following command:
CPPM-Demo-3750#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CPPM-Demo-3750(config)# aaa new-model
Add CPPM as the RADIUS server with the following commands:
CPPM-Demo-3750(config)# radius server cppm-demo
CPPM-Demo-3750(config-radius-server)# address ipv4 192.168.99.10
CPPM-Demo-3750(config-radius-server)# key aruba123
CPPM-Demo-3750(config-radius-server)# exit
CPPM-Demo-3750(config)#
“radius server <name of server>” (e.g. cppm-demo) is a new command. The older command uses
“radius-server host 192.168.99.10 key aruba123”.
Run the following command to enable 802.1x:
CPPM-Demo-3750(config)# dot1x system-auth-control
Use the following commands to set the switch to use RADIUS for AAA Authentication and Accounting:
CPPM-Demo-3750(config)# aaa authentication dot1x default group radius
CPPM-Demo-3750(config)# aaa authorization network default group radius
CPPM-Demo-3750(config)# aaa accounting dot1x default start-stop group radius
Add a AAA server for dynamic authorization:
CPPM-Demo-3750(config)# aaa server radius dynamic-author
CPPM-Demo-3750(config-locsvr-da-radius)# client 192.168.99.10 server-key aruba123
CPPM-Demo-3750(config-locsvr-da-radius)# port 3799
CPPM-Demo-3750(config-locsvr-da-radius)# auth-type all
CPPM-Demo-3750(config-locsvr-da-radius)# exit
CPPM-Demo-3750(config)#
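An added example, not part of the original guide: a Python check that a saved copy of the switch's running configuration contains every command from this section, and that the dynamic-author client address is the same host as a configured RADIUS server. The function names and the sample text are constructed for illustration, and the sample assumes the commands appear in the running configuration as they were typed above.

```python
import re

# Global commands from this section; each must be a top-level line in the config.
REQUIRED = """aaa new-model
dot1x system-auth-control
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius""".splitlines()

# Constructed sample (assumption): the section's commands as a saved config lists them.
SAMPLE = """aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
 client 192.168.99.10 server-key aruba123
 port 3799
 auth-type all
dot1x system-auth-control
radius server cppm-demo
 address ipv4 192.168.99.10
 key aruba123
"""

def sub_blocks(config, header_re):
    """Return (header, indented body) pairs for top-level commands matching header_re."""
    return re.findall(rf"^({header_re})[ \t]*\n?((?:[ \t]+.*\n?)*)", config, re.M)

def audit(config):
    """Return findings; an empty list means every step of the section is present."""
    top = {l.strip() for l in config.splitlines() if l[:1] not in (" ", "\t", "")}
    findings = [f"missing: {c}" for c in REQUIRED if c not in top]
    servers = set(re.findall(r"^radius-server host (\S+)", config, re.M))  # older form
    for head, body in sub_blocks(config, r"radius server \S+"):
        servers.update(re.findall(r"^\s+address ipv4 (\S+)", body, re.M))
        if not re.search(r"^\s+key \S", body, re.M):
            findings.append(f"{head}: no shared key")
    if not servers:
        findings.append("missing: RADIUS server address")
    clients = set()
    for _, body in sub_blocks(config, r"aaa server radius dynamic-author"):
        clients.update(re.findall(r"^\s+client (\S+) server-key \S", body, re.M))
    for ip in sorted(clients ^ servers):  # addresses present on only one side
        where = "dynamic-author client" if ip in servers else "RADIUS server"
        findings.append(f"{ip}: no matching {where} entry")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all steps present")
```

A dynamic-author client that is not also a RADIUS server is reported because that entry names a host allowed to send change-of-authorization requests to the switch on port 3799.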
The following VLAN numbers will be used:
12 | ClearPass Policy manager Cisco Switch Setup with CPPM