09-24-2014 09:45 PM
We are in the process of implementing ClearPass Appliance and everything has been configured properly except that we are now facing a problem to secure/configure 802.1x connection between the edge switch "CISCO Catalyst 3750-x" port and Workgroup switch "CISCO SF302-08P".
The CISCO 8 ports workgroup switch has been configured/tested with Clearpass and it works fine. Similarly the CISCO Switch is fine too. The user case that we would like to test is what if someone unblug the cable which connects from the Workgroup switch to the edge switch and uses it to access the LAN. In other words we would like to secure the port "trunk" in the edge switch which connect with the Workgroup switch.
You help and suggestions will be highly appreciate it.
Thanks and best regards
09-25-2014 04:34 AM
09-25-2014 04:54 AM
How can we secure these ports? This is the main questions.
To clarify further the user case with assumption that both switches are configured and working fine with Clearpass, here is an example
A small office has 4 users "PCs" that are all connected to CIsco SF302-08P Workgroup switch with 8 ports. This switch support dot1.x. and itself is connected "up link" to another CISCO switch "Edge" that is located in a secure Cabinet.
What if a person sneak to the office and remove the cable "up link" that connect to the edge switch and plug it in his/her notebook. He/she will be able to access the LAN with a forced authorization and by pass Clearpass.
Is there a way to configure the edge switch port that is located in the secured cabinet?
Thanks a lot.
09-25-2014 04:56 AM - edited 09-25-2014 05:00 AM
Even if it was possible, you would run into all kinds of management access issues.
09-25-2014 05:05 AM
I have found this link.
Would this do the job ?
09-25-2014 05:08 AM
(You're on an Aruba forum asking for Cisco switch support ;-))
09-25-2014 05:17 AM
Yes I know :-)) not in the right place. But the reason I am asking is with reference to Clearpass. If there is a solution out there that could help us secure the trunk port, it shouldn't affect Aruba Clearpass functionality.