Security

Contributor II

cisco wired 802.1x

Hello Airheads,

I am setting up ClearPass with a Cisco 3560 switch and doing 802.1X wired on the ports, and it works great; I can do downloadable ACLs and VLAN assignment. The big question is: can we do port-based authentication like we do with the HP\Aruba 2930F? I basically want to plug an Aruba Instant into a Cisco switch port and download a "switchport mode trunk" type command. More to say, but I just want to kick off a discussion. Any ideas?

Guru Elite

Re: cisco wired 802.1x

It’s not recommended to use Aruba Instant on an authenticated access port.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: cisco wired 802.1x

Really?

What about on a 2930F HP\Aruba switch?

Re: cisco wired 802.1x

I heard it is possible to do this on Cisco switches with macros. During the authentication, a macro is kicked off that configures the trunk mode, native VLAN and tagged VLANs.

Searching the Internet, I found the following article: http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200492-Securing-a-flexconnect-AP-switchport-wit.html which seems to be one of the few articles that describe this feature. It uses a feature, NEAT, that appears to be used to authenticate switches (similar config to IAPs).

During my search I found this page that suggests that you can create your own macros as well: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/automacr.html

It may be worth trying this out... Unfortunately, I don't have a fully working and tested example, nor do I have experience with it. If others have, please post them here as a reply.

Please post your experiences here if you succeed (or do not succeed).

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).