Brian, What wired vendor are you using? I know for Cisco wired switches, you can pass the vlan name (as defined on the access switch) instead of the vlan ID for a role. This lets you have many student VLANs in the network, for instance.
Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 -----Original Message----- From: Bucklaew, Jerry [mailto:j...@buffalo.edu] Sent: Wednesday, July 20, 2016 4:50 AM Subject: Re: Aruba and Bradford Brian, We are a bradford shop and are migrating to clearpass. We used the bradford for registration or our resnet as well as our wireless gaming network. It worked ok, but my major issues with it were.. 1. Bradford is designed around vlan switching, moving ports from one vlan to the other. Vlan switch is labor/process intensive to setup/run because it needs to know about every switch, needs to know about every link change and needs to talk to every switch. 2. Bradford is not flexible when it comes to passing back radius attributes. For example you can pass back only one attribute, interface-name I think. You can not do multiple. 3. Bradford is not flexible about registration, the device needs to be on the network in order to register. User admin of registration does not exists. We moved to clearpass for our wirelesss network and it is just a much more flexible system. It can do almost anything, very customizable. Our main driver was dorm Ap's. By moving to dorm ap's (every other room) we are putting half our wired ports through the aruba system. To get the same look and feel from a user perspective both wired and dorm ap wired need to be off the same system. We moved away from vlan switching to 802.1x/mac off on the dorm ap's and a inline system for the rest of the wired ports. Eventually we are moving to 802.1x/mac off for everything, away from vlan switching. Besides the same look and feel, it gives us a much more flexible registration system and a very nice "my devices" portal so users can manage their own registrations. I can give more specifics if you need it. On 7/19/2016 5:10 PM, Brian Helman wrote: > Feel free to ping me off-list. I may sanitize/redact comments and repost > them for the benefit of others though.. > > > > If you are an Aruba AND Bradford shop, what was you reason for using Bradford > vs Clearpass? Our primary interest in NAC > is onboarding and guest networks (wired and wireless). We are currently a > Bradford shop. I don’t see a reason to > change, but I’d like to understand the benefits (or drawbacks) for staying > with Bradford (or moving to Clearpass, for > that matter). > > > > If you migrated from Bradford to Clearpass, would you do it again? Pains? > Successes? > > > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
