Security

Reply
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

I want to do VLAN enforcement based on device category on MAC authentication?

I have created MAC authentication Service for (Printers,IP Phones,Projectors..etc) now the thing is I want to do VLAn enforcmennt based on Device Category for Example:

 

Printers Shall be in VLAn 20

IP Phones Shall be in VLAN 30

 

the thing is in endpoint I see the MAC of the devices but it is not profiled and Enabled profiling the only devices show as profield the PCs with ongaurd agent so what is the solvent for this issue as I want clearpass to profile all devices so I can do this Enforcment?

Guru Elite
Posts: 8,011
Registered: ‎09-08-2010

Re: I want to do VLAN enforcement based on device category on MAC authentication?

Do you have DHCP helper addresses on your client subnets pointing to
ClearPass?

Also, you'll want to enable profiling in the service for all devices.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: I want to do VLAN enforcement based on device category on MAC authentication?

ady enabled profiling and added the IP helper address on Interface VLANs pointing to Clearpass IP

Guru Elite
Posts: 8,011
Registered: ‎09-08-2010

Re: I want to do VLAN enforcement based on device category on MAC authentication?

Do you have CoA enabled? When the device moves from an unknown to profiled
state, a CoA will be issued to force a reauthentication.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: