Security

 View Only

  • 1.  OnConnect Assistance.

    Posted Apr 26, 2019 11:39 AM

    I have just begun learning about the different options to use OnConnect in ClearPass. I am currently trying the SNMP route because I think that may work best for our multi-vendor environment.

     

    I am using a tutorial I found at https://community.arubanetworks.com/t5/Education-Australia-New-Zealand/Configuring-Aruba-OnConnect-for-the-Intelligent-Edge/gpm-p/426200

     

    So far, other than some quirks I have run into detecting the operating systems, it works as planned in a stage environment. 

    I am using ClearPass version 6.8.0.109592 and for a switch I am using a 2930F running 16.08.0002.

     

    I plug a laptop into the switch and it recognizes the OS and sets the proper vlan. If I unplug the ethernet cable the switch still keeps the vlan that was assigned to that port when the laptop was plugged in. 

     

    Is there a way to force the switch to put the port back to the "default" vlan after the laptop is unplugged? To also force all ports to a default vlan unless something is plugged into a port.

    My apologies for the long description. I would search the topic but have no idea what I would search on.



  • 2.  RE: OnConnect Assistance.

    Posted May 02, 2019 12:36 PM

    My personal view is to only use OnConnect where you can't use 802.1X+MACAuth. SNMP enforcement is reactive, thus slower and causing interruptions for the end-user devices while it bounces ports. Multi-vendor support on switches these days is equivalent or better in general for MACAuth than SNMP enforcement. Even if you need to use OnConnect in some places, go for MAC (combined with 1X) wherever you can.

     

    Please work with your Aruba partner and/or local Aruba SE to evaluate the best design/approach for your network.



  • 3.  RE: OnConnect Assistance.

    Posted Sep 29, 2025 11:14 PM

    Hello everyone,

    I tried to replicate the configuration shared in this discussion: OnConnect Assistance.

    Even though I followed the same recommendations, OnConnect is still not taking effect in my environment. The enforcement does not seem to trigger as expected.

    Has anyone else faced this situation when applying the same steps? Could this be related to specific requirements such as ClearPass version, switch model, or firmware compatibility?

    Any insights, troubleshooting tips, or confirmation of prerequisites would be very helpful.

    Thanks in advance.

    -------------------------------------------



Related Content