Security

Greetings, I have created an enforcement profile that sends a Cisco interface description command when a dot1x athenticated device gets plugged into a switch. The command puts the hostname/IP description of the computer on the switch interface. If I move the device to a different port, it will do the same on the new port, but the previous port still is labeled with the same description. Does anyone know how to have Clearpass remove the old port description when the device is moved to a new port?

Here is the enforcement profile attributes command I am using to label the port:

config terminal
interface %{Radius:IETF:NAS-Port-Id}
description CP-%{Host:Name}-%{Radius:IETF:Framed-IP-Address}

Here is the result on the switch:

show int desc

Gi1/0/1 up  Laptop-xyz 10.10.10.10
Gi1/0/2 down Laptop-xyz 10.10.10.10

I'm using a CLI based enforcement profile

I'm using the CLI enforcement because for example, when I use a VLAN enforcement profile, on the cisco show run interface GigabitEthernet1/0/1, it does not display the switchport access vlan XXX, you can only see the VLAN of the port in the "show int status". When CLI enforcement is used the show run of the interface actually show the correct VLAN and allows me to add an interface description.

Is the a better way to accomplish this with a didderent typ of enforcement profile? I just need the proper VLAN/Description of the interface and it to be removed if the device moves to another port.  Thanks!