CLI enforcement has been added in the past for a very specific use-case, where there was no alternative. It's not recommended to use in any way, not it is heavily tested as far as I know. Personally, I've done many things with ClearPass, but never needed or tested this functionality.
You may work with support and see if they can help you troubleshooting, or you may be extremely lucky if someone reading this has done this and found out how to do it.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 17, 2025 05:56 PM
From: helpmeplease
Subject: CLI Enforcement support for Extreme Switches
Hi All, within our dot1x auth service we have been used to using an CLI enforcement profile to log in to our cisco switches and write a description of the authenticated device to the port and this has worked well for years, however, now we are moving to extreme switches (universal hardware, 5320s etc, running VOSS) and it seems Clearpass will not even make an attempt to log in to the extreme switch when the same (adjusted) profile is applied. I can tell because I should see clearpass's user account in access tracker (radius request) but not for these extreme switches? I found some release notes where this issue was called out and supposed to be fixed in 6.5.0 or at least 6.5.5. but we are well beyond that release. Anyone have any insight here? Thanks so much.