04-26-2019 08:39 AM
I have just begun learning about the different options to use OnConnect in ClearPass. I am currently trying the SNMP route because I think that may work best for our multi-vendor environment.
So far, other than some quirks I have run into detecting the operating systems, it works as planned in a stage environment.
I am using ClearPass version 220.127.116.11592 and for a switch I am using a 2930F running 16.08.0002.
I plug a laptop into the switch and it recognizes the OS and sets the proper vlan. If I unplug the ethernet cable the switch still keeps the vlan that was assigned to that port when the laptop was plugged in.
Is there a way to force the switch to put the port back to the "default" vlan after the laptop is unplugged? To also force all ports to a default vlan unless something is plugged into a port.
My apologies for the long description. I would search the topic but have no idea what I would search on.
Re: OnConnect Assistance.
05-02-2019 09:35 AM
My personal view is to only use OnConnect where you can't use 802.1X+MACAuth. SNMP enforcement is reactive, thus slower and causing interruptions for the end-user devices while it bounces ports. Multi-vendor support on switches these days is equivalent or better in general for MACAuth than SNMP enforcement. Even if you need to use OnConnect in some places, go for MAC (combined with 1X) wherever you can.
Please work with your Aruba partner and/or local Aruba SE to evaluate the best design/approach for your network.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).