11-28-2018 02:22 AM
I'm looking to protect the ports on Aruba switches with dot1x / mac-auth via Clearpass. There are Instant access points which have untagged and tagged vlans (of course) to bridge the user traffic onto the network. This means that when enabeling dot1x/mac-auth on the port, all client traffic is also tagged via the wired policies (in stead of the wireless). Is there a way to handle this so the client traffic is allowed following the wireless policies, but the physical port is protected and only allows the physical connection as defined in the wired policies?
Solved! Go to Solution.