Hi all,
My company still uses version 6 on its controllers. We’re looking to migrate of course to version 8 - but this will need some planning.
In the meantime, I have tunnelled mode on my switches (3810) tunnelling traffic to the controller.
I want to make multiple user roles on the controller that receives this tunnelled traffic. So I have one already that handles traffic a certain way, but I want to add hundreds more user roles where I can identify traffic by its source MAC address; then ClearPass tells that traffic on the controller to be in a different VLAN. Plan being to physically connect a new link from my controllers to a firewall and force the traffic that way.
I'm thinking keep the layer 3 information on the firewall and tunnel everything to the controller and present it as layer 2 ... so we can control that traffic tightly for onward routing.
There will be lots of new user roles to handle new devices that we can only identify by MAC address. Need to lock down this traffic with our controllers and firewall.
Hopefully that makes sense? Not sure if the above is only possible with version 8?
Thanks