05-31-2015 03:33 PM
I had a question that I just don't know the answer to.
Can the ClearPass wired NAC shut a port on a switch due to a user/computer not being in AD or bad attempts?
If so, where/what/how is this done?
05-31-2015 03:37 PM
It depends on the capability of the switch. You could potentially do this via an SNMP enforcement.
The more common way of enforcing this policy would be to put the user into a dead-end VLAN.
If you shut the port down and the user is connected behind a VoIP phone, for example, the phone would be disabled as well.
05-31-2015 03:56 PM
That's what I was guessing when thinking about this, but is there some policy for this or do you have to write a custom policy to do the shutdown? I just didn't know if it was possible. These are with some ClearPass certified Dell N series switches...they were bought before Aruba cuddled up to HP :-p
05-31-2015 04:00 PM
Do you happen to have the SNMP guide for that series switch? I did a quick Google search and couldn't find one.
Also, keep in mind, the HP acquisition does not impact the open nature of Aruba's products like ClearPass.
05-31-2015 07:26 PM
Dell N series
2000/3000/4000 are pretty much all the same functionality wise except 10gig ports and SFP+ etc...
06-20-2015 12:18 PM
no definitive yes or no, but on related switches it is possible to set a VLAN
so the trick is to find the interface enabled OID and try to "set" it.
07-06-2015 09:08 AM
Just how would I set this up? Either putting them on a dead VLAN or shutting the port?
I am very new with ClearPass and am just lost on setting something like this up.
Sorry I need so much help but I am lost.
07-06-2015 10:19 AM
do you have an Aruba partner that you can ask for help? it might be useful to go through the whole product first with someone who has worked with it before. you will get some replies here most likely, but it is just small things and you might end up with a configuration that can be enhanced a lot.
it might also be useful to just google and search here for some ClearPass policy examples to get an idea of the flow.
what do you already have working?
07-06-2015 10:43 AM
We have nothing installed.
It's a brand new install that they decided to go with ClearPass since they just released the Hyper-V version.
Having to put in a complete network stack, some APs and this ClearPass policy server.
I have some install guides/administrator guides that I can follow but this isn't a standard case as far as I can see or searching can tell me.
07-06-2015 10:55 AM
who sold you the Aruba ClearPass? can they perhaps also help you with configuring it? what brand are the network switches?
looking back at your original question and if nothing has been configured yet. in principle if you build it correctly (the wired 802.1x template will get you there pretty much) then anyone not getting through authorization will just be denied access. there is no specific need to disable a switchport. why do you want that to happen beyond the user not getting access anyway?