Contributor I

Clearpass Wired authentication

Hi All, 


I am looking to perform wired user authetication via CLearpass and I am totally new to CP. Please help me out. 


Here is my case that I want to implement ( It is really simple, but I am looking for some direction) : 

1. If user connects to the wired network and has a valid certificate, then user must be assigned an employee VLAN

2. If user connects to the wired network and does not have a valid cert, user is assigned a guest VLAN. 


How can I implement this using CP ? There is no wireless involved. 

Guru Elite

Re: Clearpass Wired authentication

What switch vendor and model?
What's the client mix?
Who is issuing the certificate?

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass Wired authentication

Brocade ICX switches ,

Clients are primarily latops ( wired auth only, no wireless users)

Certificate is being issued by a trusted CA .. Radius is being used.

Trusted Contributor I

Re: Clearpass Wired authentication

the CPPM side is quite easy, but on your switch side i can't say anything.


you just build a general service for wired with EAP-TLS authentication and load the CA in the certificate list. next to the radius accept you will send the VLAN ID to the switch.


the question is then what to do on the switch side. you will have to configure the switch to do dot1x authentication and configure the cppm as the radius server.


the final step will be the guest vlan, you would have to do something with a fallback vlan when auth fails. this isn't something very common, but again it is something switch related.

Search Airheads
Showing results for 
Search instead for 
Did you mean: