Wireless Access

I've found a few very good tutorials on setting up offloading the RAP whitelist to Clearpass for onboarding new RAPs, but one thing that's not clear to me is if that's a one-shot, first time deal, or are the RAPs reauthenticated periodically?  Basically, I'm looking to start deploying some RAPs to end users in the nearish future, and have an eye on what the offboarding process will look like.  If I could can an entry in Clearpass and have it also get deauthenticated from the controllers, that would be a big win.  (Bonus points if I could associate an AD account with each RAP, and have it's whitelist entry withdrawn when the AD account gets terminated!)

The RAP is authenticated when it attempts to connect to the controller. It
would only reauthenticate if it rebooted and reconnected.



All APs operate the same way. Campus APs are validated against the internal
whitelist when they first connect.

OK, so that just means that we'd need to include disabling any issued RAPs as part of our manual offboarding process.  Not as ideal as just doing Clearpass magic, but good to know nonetheless.

 

thanks!

The RAP is authenticated when it attempts to connect to the controller. It
would only reauthenticate if it rebooted and reconnected.



All APs operate the same way. Campus APs are validated against the internal
whitelist when they first connect.