Security

Reply
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

can we have unmanged switches to communicate wiith clearpass on controller untrusted port?

I have a controller and Clearpass and we have most of the switches iis unmanged switches and we need to make802.1x and ongaurd healthchecks on users :

 

so my question can we connect all unmanged switches on 1 untruusted port on a controlelr with AAA wired Global profile ??

 

as we tried this but when connecting PC on unmanged switches it doesnt send any 8021x request .

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: can we have unmanged switches to communicate wiith clearpass on controller untrusted port?

It would be a good idea if you draw a diagram of what you are trying to do.  It is not clear.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: can we have unmanged switches to communicate wiith clearpass on controller untrusted port?

Here is teh Diagram we have Aruba controller with 1 port configured with Wired AAA and untrusted and we have unmanger switch connected to it with multiple useres where we need each of them to dod full 802.1x and health check with ongaurd,we did this scnario but no 802.1x request sent when connecting the unmangerd switch so what is teh solvent

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: can we have unmanged switches to communicate wiith clearpass on controller untrusted port?

What would be the purpose of doing wired 802.1x?  802.1x or EAPOL frames are link-local which mean the first switch that sees a 802.1x frame has to do something with it or drop it.  So if you put a switch between your wired clients and another switch doing 802.1x, the second switch (the controller, I guess), will never see the 802.1x frames.  Are you working with a ClearPass reseller on this design?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: