last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

cisco wired 802.1x

This thread has been viewed 16 times
  • 1.  cisco wired 802.1x

    Posted Jun 22, 2017 11:06 AM

    hello airheads,

    i am setting up Clearpass with a Cisco a 3560 switch and doing

    802.1x wired on the ports and works great and i can do downloadable acl's and VLAN assignment. The big question is can we do port based authentication like we do with the HP\Aruba 2930F. I basically want to plug an Aruba Instant into a Cisco switch port and download a "switchport mode trunk" type command. More to say but just want to kick off a discussion. Any ideas?

  • 2.  RE: cisco wired 802.1x

    Posted Jun 22, 2017 11:11 AM
    It’s not recommended to use Aruba Instant on an authenticated access port.

  • 3.  RE: cisco wired 802.1x

    Posted Jun 22, 2017 11:14 AM


    what about on a 2930F HP\Aruba switch?

  • 4.  RE: cisco wired 802.1x

    Posted Jun 23, 2017 03:10 AM

    I heard it is possible to do such on Cisco switches with macros. During the authentication, a macro is kicked off that configures the trunk mode, native VLAN and tagged VLANs.


    Searching the Internet, I found the following article: which seems one of the few articles that describes this feature. It is using a feature NEAT that appears to be used to authenticate switches (similar config to IAPs).


    During my search I found this page that suggests that you can create your own macros as well:


    It may be worth trying this out... unfortunately, I don't have a fully working and tested example, nor I have experience with it. If others have, please post them here as a reply.


    Please post your experiences here if you succeed (or not succeed).