Security

Reply
MVP
Posts: 301
Registered: ‎04-03-2014

Endpoints discovered via SNMP scan to be automatically "Known"

Hi!

 

I´ve set up a subnet scan and SNMP configuration under "Profile Settings" for profiling the printer subnet. The printers all have static IP-addresses. My next step is to connect them to a 802.1X with Mac-auth-bypass switchport so I´d like them to be marked as "Known" as soon as they are profiled via the subnet scan so they can pass mac-auth.

 

Anyone have suggestions on how to accomplish this?

 

Cheers,

 

 

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: Endpoints discovered via SNMP scan to be automatically "Known"

You can use Allow All MAC-Auth combined with authorization using the profile
data.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 301
Registered: ‎04-03-2014

Re: Endpoints discovered via SNMP scan to be automatically "Known"

So step one to use subnet scan while connected to a non-authentication port to collect the profile data.

 

Step two connect it to the switchport with authentication and place it in the guest-VLAN via Allow all mac auth and also mark it as known in endpoint DB and then bounce it to be correctly assigned printer VLAN?

 

I also want a guest to be able to connect to these switchport and get the guest-VLAN without being bounced off again. Maybe there´s a way to differentiate a guest from a previously profiled printer. I´ll give it a try.

 

Thanks,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: Endpoints discovered via SNMP scan to be automatically "Known"

Step two connect it to the switchport with authentication and place it in the guest-VLAN via Allow all mac auth and also mark it as known in endpoint DB and then bounce it to be correctly assigned printer VLAN?
That's correct

You can put in place that if device is profiled as a computer then T that device will be placed on the guest but it will need to be bounced initially to get the profile information

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: