
Behaviour of colorless ports when ClearPass fails

Hi guys,

 

In a colorless ports implementation with Cisco switches, if ClearPass failed, what is the behaviour of the ports? Will they be assigned a default dACL? Or is it like 802.1X and MAC auth fails when a guest user connects to the switch port?

 

Regards,

Julián

MVP Guru

Re: Behaviour of colorless ports when ClearPass fails

It depends on the requirements and what type of authentication is enabled on each port.

You could enforce a URL redirect (catch all) when the user fails 802.1X or if the device doesn’t meet any of the MAC authentication conditions (assuming you are using MAB).

Another option is that the user/device could be dropped in a guest or remediation VLAN.

But at the end of the day, it depends on the security requirements for the project.



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Behaviour of colorless ports when ClearPass fails



> You could enforce a URL redirect (catch all) when the user fails 802.1X or if the device doesn’t meet any of the MAC authentication conditions (assuming you are using MAB).
>
> Another option is that the user/device could be dropped in a guest or remediation VLAN.


Hi Victor,

 

Maybe I didn't explain well. When I said "if ClearPass failed" I meant "if ClearPass went down". Then, does this also apply when ClearPass goes down? I believe not, since, for example, a URL redirect or a remediation VLAN should be returned from ClearPass, which is not possible if ClearPass is down.

 

Regards,

Julián

MVP Guru

Re: Behaviour of colorless ports when ClearPass fails

See here the Cisco switch feature “Inaccessible Authentication Bypass”:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg/sw8021x.pdf#page13



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
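
An added example, not part of the original posts: a small Python check that reads an IOS-style configuration and lists the 802.1X/MAB ports that have no Inaccessible Authentication Bypass (critical authentication) fallback, i.e. the ports where new sessions cannot be authorized while no RADIUS server such as ClearPass answers. The sample configuration, interface names and VLAN 99 are constructed; the matcher assumes classic per-interface commands (`dot1x critical` or `authentication event server dead action authorize`) and does not cover policy-map based configurations.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
 authentication event server dead action authorize vlan 99
 authentication event server alive action reinitialize
!
interface GigabitEthernet0/2
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet0/3
 switchport mode access
 dot1x port-control auto
 dot1x critical
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

# Port-based access control is enforced on the interface (newer or older syntax).
ENFORCED = re.compile(r"(?m)^\s*(?:authentication|dot1x) port-control auto\b")
# Critical-auth fallback is enabled (newer syntax, or older 'dot1x critical').
FALLBACK = re.compile(
    r"(?m)^\s*(?:authentication event server dead action authorize\b"
    r"|dot1x critical(?: vlan \d+)?\s*$)")

def audit(config):
    """Map each enforced interface to True if a critical-auth fallback is set."""
    result = {}
    # Split into stanzas, each beginning at an 'interface' line.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        header = re.match(r"interface (\S+)", stanza)
        if header and ENFORCED.search(stanza):
            result[header.group(1)] = bool(FALLBACK.search(stanza))
    return result

def ports_without_fallback(config):
    """Enforced ports with no fallback for when every RADIUS server is dead."""
    return sorted(port for port, ok in audit(config).items() if not ok)

if __name__ == "__main__":
    print(ports_without_fallback(SAMPLE_CONFIG))
```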

Re: Behaviour of colorless ports when ClearPass fails

Thanks Victor, that's exactly what I was looking for :)

 

Regards,

Julián
