12-08-2015 04:10 PM
I am looking to perform wired user authetication via CLearpass and I am totally new to CP. Please help me out.
Here is my case that I want to implement ( It is really simple, but I am looking for some direction) :
1. If user connects to the wired network and has a valid certificate, then user must be assigned an employee VLAN
2. If user connects to the wired network and does not have a valid cert, user is assigned a guest VLAN.
How can I implement this using CP ? There is no wireless involved.
Solved! Go to Solution.
12-08-2015 04:12 PM
What's the client mix?
Who is issuing the certificate?
Sent from Nine
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
12-26-2015 06:24 AM
the CPPM side is quite easy, but on your switch side i can't say anything.
you just build a general service for wired with EAP-TLS authentication and load the CA in the certificate list. next to the radius accept you will send the VLAN ID to the switch.
the question is then what to do on the switch side. you will have to configure the switch to do dot1x authentication and configure the cppm as the radius server.
the final step will be the guest vlan, you would have to do something with a fallback vlan when auth fails. this isn't something very common, but again it is something switch related.