Hello everyone,
We have an implementation where the default switch port config is secured with 802.1x. Such ports are used for end-user PCs which are capable of carrying a certificate. When there is a need to connect a simple device such as a printer, we disable dot1x on the switch port and statically configure it to accept only a single MAC address.
I am interested in a) unifying the switch port config and b) storing the MAC addresses of the printers in a central database rather than in individual switch port configs.
I have a ClearPass server available and I was already able to authenticate a device via the MAC AUTH authentication method using a Static Host List as an authentication source.
What I am missing with the Static Host List is that each entry has only a single value which is the MAC address itself. I would like the list entries to:
1. Be either manually created or approved by a sponsor in case of automatic creation
2. Expire once the end device stays offline for a certain period of time
3. Have a comment/description (this one is nice to have but not mandatory)
I was looking at using the Endpoints Repository instead of the Static Host List as the authentication source, but I am still not sure whether it can satisfy the requirements.
Could you be so kind as to give me some advice on where to look in ClearPass to make this work, please?
Thank you and have a nice day