Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Endpoints discovered via SNMP scan to be automatically "Known"

  • 1.  Endpoints discovered via SNMP scan to be automatically "Known"

    Posted Oct 31, 2016 10:59 AM

    Hi!

     

    I've set up a subnet scan and SNMP configuration under "Profile Settings" for profiling the printer subnet. The printers all have static IP addresses. My next step is to connect them to an 802.1X switchport with MAC-auth-bypass, so I'd like them to be marked as "Known" as soon as they are profiled via the subnet scan so they can pass MAC-auth.

     

    Anyone have suggestions on how to accomplish this?

     

    Cheers,

     

     



  • 2.  RE: Endpoints discovered via SNMP scan to be automatically "Known"

    EMPLOYEE
    Posted Oct 31, 2016 11:02 AM
    You can use Allow All MAC-Auth combined with authorization using the profile
    data.


  • 3.  RE: Endpoints discovered via SNMP scan to be automatically "Known"

    Posted Oct 31, 2016 11:11 AM

    So step one is to use subnet scan while connected to a non-authentication port to collect the profile data.

     

    Step two: connect it to the switchport with authentication and place it in the guest VLAN via Allow All MAC-Auth and also mark it as known in the endpoint DB and then bounce it to be correctly assigned the printer VLAN?

     

    I also want a guest to be able to connect to these switchports and get the guest VLAN without being bounced off again. Maybe there's a way to differentiate a guest from a previously profiled printer. I'll give it a try.

     

    Thanks,



  • 4.  RE: Endpoints discovered via SNMP scan to be automatically "Known"

    Posted Oct 31, 2016 02:02 PM
    "Step two: connect it to the switchport with authentication and place it in the guest VLAN via Allow All MAC-Auth and also mark it as known in the endpoint DB and then bounce it to be correctly assigned the printer VLAN?"

    That's correct.

    You can put in place that if the device is profiled as a computer, then that device will be placed on the guest, but it will need to be bounced initially to get the profile information.
