Hi all,
I can't find any valuable information on this in the documentation.
We have RAPs that have 802.1X and MAC-Auth configured on their wired ports. The controller authenticates to ClearPass and it works fine.
CPPM returns a local user-profile, which is Split-Tunneling, but only the local network is splitted, everything else is tunneled. This is to have local traffic in the branch switched.
Currently, only one device is connected to one port. We have the request to place a switch behind a RAP wired port.
Now my question: Can I change how the port authenticates?
Like, on a switchport, I could send the VSA that changes the port-mode from user-mode to port-mode authentication. I do that to enable a local breakout on an Instant AP, for example. Is something similar possible with RAP wired ports? So that the switch can authenticate devices on the switch and the RAP only authenticates the first device?
I want to have the switch authenticate itself, maybe via MAC-auth and DHCP enable not sure yet, and then every device on the switch should authenticate to the switch. But the other devices should not need to authenticate to the RAP port again.
Thanks,
Bjarne
------------------------------
AutoCreation
------------------------------