IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

IMC, compliance vs reporting for 802.1X auth

Nicolas_NS
Occasional Visitor

IMC, compliance vs reporting for 802.1X auth

Hello everyone,

We are deploying Clearpass in one of our sites, fully equipped with HP switches. Our boss wants us to be able to provide dynamic reporting to see how many ports are "aaa port-access authenticator" and how many are "aaa port-access mac-based" and how many are left to process.

I have been trying and reading around Reports but did not find anything about creating your own report from scratch.

I have also explored the Compliance Center but I got into a deadend. I don't know how I could tell IMC to check that for every interface of a switch at least one of the two directives exists ("aaa port-access authenticator X" and/or "aaa port-access mac-based X", X being the number of the interface). The problem is that you get a line for every protected interface but nothing for the others. So you should have 24 lines on a 24 ports switch. Not to mention the fact that you can write "aaa port-access authenticator X-Y,Z,A"...

I guess there could be another option by trying to create a custom SNMP tool but this seems to be to high a step for me :-/ I am volunter to try if someone can think of something though.

Has anybody ever had the same issue ? Can someone help me or point me to an interesting documentation ? I am a python-aware guy so won't mind to write jython scripts but there is not so much documentation out there.

Thanks in advance guys, and sorry for my french english ;-)

Nicolas

2 REPLIES
NeilR
Respected Contributor

Re: IMC, compliance vs reporting for 802.1X auth

if the switches are procurve the show-port-access config command will show the status for all interfaces, but you would have to parse the results. You could run a task against all the switches, and then reduce the output. Not totally convenient but you could get there.

 

Nicolas_NS
Occasional Visitor

Re: IMC, compliance vs reporting for 802.1X auth

Thanks a lot Neil. I have been searching for alternate solutions, including via the REST API but your idea is from far the best I have left ;-)

Nicolas