a month ago
I am setting up ClearPass with a Cisco 3560 switch and doing 802.1X wired on the ports. It works great, and I can do downloadable ACLs and VLAN assignment. The big question is: can we do port-based authentication like we do with the HP\Aruba 2930F? I basically want to plug an Aruba Instant into a Cisco switch port and download a "switchport mode trunk" type command. More to say, but I just want to kick off a discussion. Any ideas?
a month ago
I heard it is possible to do such on Cisco switches with macros. During the authentication, a macro is kicked off that configures the trunk mode, native VLAN and tagged VLANs.
Searching the Internet, I found the following article: http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200492-Securing-a-flexconnect-AP-switchport-wit.html, which seems to be one of the few articles that describe this feature. It uses a feature, NEAT, that appears to be used to authenticate switches (similar config to IAPs).
During my search I found this page that suggests that you can create your own macros as well: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/automacr.html
It may be worth trying this out... Unfortunately, I don't have a fully working and tested example, nor do I have experience with it. If others have, please post them here as a reply.
Please post your experiences here if you succeed (or don't succeed).
If you have urgent issues, please contact your Aruba partner or Aruba TAC.