I have a ClearPass deployment with Cisco switches, doing MAC Auth and 802.1x in some cases. Is there a way to detect that a client has moved from one port to another? I've seen this attribute on the Access Tracker (Radius:IETF:NAS-Port-Id) but I cannot compare it to a previous successful authentication.
Please let me know if I wasn't clear enough.
Did you look for Radius attribute Radius IETF NAS-Port which actual indicates the physical port number of the NAS which is authenticating the user?
Yes, in fact that attribute is exactly what I need, but I need to compare it to a previous auth. For example, let's say yesterday I authenticated succesfully on port 4. Today, if I connect to port 3 I should be denied because "Radius IETF NAS-Port" is "3", and my last authentication was on port 4. I need to query that previous auth from somewhere.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.