Security

Hello, based on your documentations, the configurations below will only work for Cisco 3750 devices and up with IOS 12.2(55) SE7 and above.   Most of our Cisco switches in the remote sites are 3560 layer 3’s.  Only our Data Centers will have Cisco 4500’s and 3750’s.   So the lower-end switches 3000’s and below are not supported by Clearpass?   So what happens with systems that are plugged into the Cisco 3000’s and below?

 

 

 

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate server

mab

dot1x pae authenticator

dot1x timeout server-timeout 30

dot1x timeout tx-period 10

dot1x max-req 3

dot1x max-reauth-req 3

 

If you have the correct sytax for above it would be greatly apprecated. 

 

Tahnks,

Sorry part of my message didnt come up, there was a POC being set up for a customer and they sent the response I posed back to me. 

 

Thanks, 

As far as cisco goes Its usually the same as CISCO ISE. Clearrpass is a huge database, radius server, we server. It will do whatever your device is capable of. You always have the option of running aruba controller in-line and using PEF licence to control traffic.

We do NAC on 2960cg, 2960X, 3560, 3750. We got rid of 2940 and 3550 because of our environment but they would work if the network is not too complex.

Thanks for the reply. Do you know where I can get the Syntax for the customerso they can install it with their existing switchs? the POC documentation only has it for the higher Cisco switches. 

 

Thanks, 

Just look at cisco ISE. Most feature are supported with hardware that is not end-of-support. All hardware that's not end of life you should be okay. You need to read the notes on your hardware. Clearrpass is open standards. It will handle radius. So whatever your devices supports it will do.