NAC Test - InfoExpress and Aruba Wireless
Today I spend half day with InfoExpress technical guy Declan for testing the InfoExpress. We start at 1:00 pm. Most of the activities are configuration. Declan said that he has configured his box appropriately, but still can’t connect to the AP. Once he turns on his NAC enforcement rules, the AP is down. I told him to exclude the IP of the AP, because it seems like the NAC block the AP activities. He told me that he has excluded the IP of the AP. We try it again. Still wondering why the AP turns down when activating the NAC enforcement. I check my Aruba controller configuration; most of the configuration is default setting. I ask Declan, can you see the AP’s IP. He said yes.
So what is the IP I asked again, he said 172.x.x.254….
Hmmmm…. That’s is not the AP’s IP. That’s the controller’s IP address. NAC cannot see the AP’s IP, because all traffic between AP and Controller is encrypted. I check back the controller. The IP is different. That’s why when InfoExpress activate the enforcement rules, the AP turns down. So, we have to exclude the controller’s IP as well as AP’s IP. Then, it works. I’m wondering if the previous POC done by Consentry and Juniper also did the same mistake. Technical guy from Consentry (Jerry) said, he can only see one IP address. I assume that, he suppose to exclude the AP’s IP too. It must be done manually. So, today I learn something new about NAC and Wireless Controller.
Filed under: Wireless, blog, software | Tagged: Aruba, IIUM Wireless, InfoExpress, ITD, NAC
Sir,
Your blog concerns me for 2 reasons-
1. I am the VP Sales & Support at ConSentry and would like to help you overcome any configuration issues you have been experiencing in your testing.
2. We do not have an employee in Asia called Jerry, please send me your contact details and I will connect you with our support personnel.
Yours,
Dean
[…] morning Consentry’s VP Sales and Support, Mr Dean Hickman-Smith visiting my blog. He said that he will help me overcome any configuration issues I’ve been experiencing […]
Jaiz,
It’s great that you are sharing your Aruba \ NAC experiences. I have been in touch with Declan, and I understand you and Declan were successful in getting the DNAC solution setup and working. You will be glad to know we are a certified partner of Aruba.
http://www.arubanetworks.com/partners/security_aaa.php#infoexpress
As your testing continues, please let us know if you need any addional assistance.
Best Regards,
Jonathan Mabie
InfoExpress
Jerry is the technical guy for distributor of consentry in Malaysia
[…] infoexpress replied. Diorang compete…to make sure products succeed pasal semua ni kena blog. http://blogs.iium.edu.my/jaiz/2008/05/05/nac-test-infoexpress-and-aruba-wireless/#comments The power of blog; by our blog sifu; […]
IIUM wants to have product from visionary vendors. success during the PoC is one thing, and we are keen to hear the future vision of the product. We believe that only well designed product from the onset will prevail in the long run.