Frequent Contributor II

cisco wired 802.1x

hello airheads,

i am setting up Clearpass with a Cisco a 3560 switch and doing

802.1x wired on the ports and works great and i can do downloadable acl's and VLAN assignment. The big question is can we do port based authentication like we do with the HP\Aruba 2930F. I basically want to plug an Aruba Instant into a Cisco switch port and download a "switchport mode trunk" type command. More to say but just want to kick off a discussion. Any ideas?

Guru Elite

Re: cisco wired 802.1x

It’s not recommended to use Aruba Instant on an authenticated access port.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Frequent Contributor II

Re: cisco wired 802.1x


what about on a 2930F HP\Aruba switch?

Re: cisco wired 802.1x

I heard it is possible to do such on Cisco switches with macros. During the authentication, a macro is kicked off that configures the trunk mode, native VLAN and tagged VLANs.


Searching the Internet, I found the following article: which seems one of the few articles that describes this feature. It is using a feature NEAT that appears to be used to authenticate switches (similar config to IAPs).


During my search I found this page that suggests that you can create your own macros as well:


It may be worth trying this out... unfortunately, I don't have a fully working and tested example, nor I have experience with it. If others have, please post them here as a reply.


Please post your experiences here if you succeed (or not succeed).

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: