Hi,
We currently have dot1x enabled on our Cisco switches with IP device tracking enabled.
We have a lot of laptops with docks and unfortunately a lot of dumb switches. These types of setups seem to mess up the Cisco switches' ability to clear authenticated sessions properly when a device is unplugged. I believe these devices trick the Cisco switch into thinking the client is actually still connected.
What ends up happening is that the ClearPass fills up with a ton of failed mac auth attempts.
If you go on the switch and run:
show authentication sessions | include UNKNOWN
You will see a ton of unknown sessions. These can then be cleared and you stop seeing hits in the ClearPass. I currently have an ansible script to SSH into each switch and clear these unknown sessions. I was wondering though if there was a way to do this directly from ClearPass?
Can CLI Based Enforcement profiles be used to run commands on Cisco switches? As an example:
clear authentication sessions mac %{Radius:IETF:User-Name}
I would only want to run this command if the username was a mac and had failed 5 times or something along those lines.
Not sure if this is possible directly from ClearPass or not.
Cheers
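Added example (not part of the original post, and not the poster's Ansible script): a small Python module that does the switch-side half of what the post describes, parsing `show authentication sessions` output into rows, picking out the sessions whose Domain is UNKNOWN, and building the matching `clear authentication sessions mac H.H.H` commands. It also includes the ClearPass-side gate the poster asks for (only act when the User-Name is a MAC address and it has failed at least 5 times), which means converting the RADIUS User-Name, usually a bare 12-hex-digit string for MAB, into the dotted format IOS wants. The sample `show` output is constructed, and its column layout (IOS 15.x style) is an assumption; in practice you would feed it the text returned by Netmiko, Ansible or whatever transport you already use.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `show authentication sessions` output. The column layout
# follows the IOS 15.x style (Interface / MAC / Method / Domain / Status / Fg /
# Session ID) and is an assumption; it is not captured from a real switch.
SAMPLE_SHOW_OUTPUT = """\
Interface    MAC Address     Method   Domain   Status         Fg  Session ID
Gi1/0/1      0011.2233.4455  mab      DATA     Authz Success      0A0A0A0A0000001A0000ABCD
Gi1/0/2      aabb.ccdd.eeff  dot1x    UNKNOWN  Unauth             0A0A0A0A0000001B0000ABCE
Gi1/0/3      a1b2.c3d4.e5f6  mab      UNKNOWN  Unauth             0A0A0A0A0000001C0000ABCF
Gi1/0/4      0022.3344.5566  dot1x    DATA     Authz Success      0A0A0A0A0000001D0000ABD0

Session count = 4
"""

# One session row: interface, dotted MAC, method, domain, free-text status
# (may contain a space, e.g. "Authz Success"), optional flag, hex session ID.
_SESSION_RE = re.compile(
    r"^(?P<intf>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"(?P<method>\S+)\s+"
    r"(?P<domain>\S+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<session_id>[0-9A-Fa-f]{16,})\s*$"
)


def normalize_mac(raw: str) -> str:
    """Turn any common MAC spelling (001122334455, 00:11:22:33:44:55,
    00-11-22-33-44-55, 0011.2233.4455) into the dotted H.H.H form Cisco IOS
    expects, lower case. Raises ValueError if there are not exactly 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def parse_sessions(show_output: str) -> List[Dict[str, str]]:
    """Parse `show authentication sessions` into a list of row dicts,
    skipping the header, blank lines and the trailing session count."""
    rows = []
    for line in show_output.splitlines():
        m = _SESSION_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def unknown_session_clear_commands(show_output: str) -> List[str]:
    """Build one `clear authentication sessions mac H.H.H` command per session
    whose Domain is UNKNOWN, i.e. the stale entries the post describes."""
    return [
        f"clear authentication sessions mac {normalize_mac(row['mac'])}"
        for row in parse_sessions(show_output)
        if row["domain"] == "UNKNOWN"
    ]


def should_clear(user_name: str, failure_count: int, threshold: int = 5) -> Optional[str]:
    """ClearPass-side gate from the post: only act when the RADIUS User-Name
    is a MAC address (MAB) and it has failed at least `threshold` times.
    Returns the Cisco-format MAC to clear, or None if the gate is not met.
    Caveat: a human username that happens to be exactly 12 hex characters
    would pass this check; the Method column of the switch output (mab vs
    dot1x) is the more reliable signal if you have it."""
    if failure_count < threshold:
        return None
    try:
        return normalize_mac(user_name)
    except ValueError:
        return None


if __name__ == "__main__":
    for cmd in unknown_session_clear_commands(SAMPLE_SHOW_OUTPUT):
        print(cmd)
```

The parser deliberately matches on the shape of a row (dotted MAC, hex session ID) rather than on column offsets, so it survives the slightly different spacing between IOS releases; check it against your own `show authentication sessions` output before trusting it on a fleet.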