We are jsut starting to leverage Clearpass for authentication on our switches and I'm trying to find the right way to assign roles based on a combination of switch and port.
These are third party switches, and the best I've been able to figure out it to make individual role rule entries using the IETF-NAS-Identifier and IETF-NAS-Port. Since those are two seperate values I have to make individual entries for each pair.
For example, if I want to identify specific ports on our network allowed to service PCI related devices, I have to put in individual entries for each switch/port pair. Event if I could find a value that was the switch/port pair, that would make that a *lot* cleaner.
Am I missing something somewhere, is there a better way to do that? (I hope!)
Many Thanks.
--Bryan