Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

  • 1.  After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    Posted Oct 19, 2015 09:10 AM

    I have a problem that showed up after configuring the global configs and the port config on the Cisco switch. I connected a Cisco IP phone, with a computer connected through the IP phone, and the port goes error-disabled. The configs are as below:

     switchport mode access
     switchport access vlan 1
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     mab
     dot1x pae authenticator
     dot1x timeout server-timeout 30
     dot1x timeout tx-period 30
     dot1x timeout supp-timeout 30
     dot1x max-req 3
     dot1x max-reauth-req 10
     spanning-tree portfast



  • 2.  RE: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    EMPLOYEE
    Posted Oct 19, 2015 09:12 AM
    What does the err-disable log say?


  • 3.  RE: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    Posted Oct 19, 2015 10:42 AM

    Actually I couldn't see it, so what is the command that I can run?



  • 4.  RE: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    EMPLOYEE
    Posted Oct 19, 2015 10:54 AM
    show interface status err-disabled


  • 5.  RE: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    Posted Oct 20, 2015 02:13 AM

    Switch#show interfaces status err-disabled

    Port      Name               Status       Reason               Err-disabled Vlans
    Gi1/0/12  *** Connected To A err-disabled security-violation
    Switch#



  • 6.  RE: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

    Posted Oct 20, 2015 04:18 AM

    I figured it out: it was an issue with the host mode. I used the configuration below, but the thing is I didn't see any MAC request from the IP phone, and it works normally:

     switchport mode access
     switchport voice vlan 22
     authentication host-mode multi-host
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     mab
     mls qos trust device cisco-phone
     dot1x pae authenticator
     dot1x timeout server-timeout 30
     dot1x timeout tx-period 10
     dot1x max-req 3
     dot1x max-reauth-req 10
     storm-control broadcast level 30.00
     spanning-tree portfast
     spanning-tree bpduguard enable
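
An added example, not part of the original thread: a small Python check over IOS-style interface config that reports the host mode of each 802.1X/MAB port. It flags the default single-host mode (where a second MAC on the port, such as the PC behind the phone, is a security violation as in post 5) and multi-host (where only the first device on the port is authenticated). The sample config is constructed from the posted port settings, and GigabitEthernet1/0/13 is a hypothetical second port.

```python
import re

# Constructed sample, abridged from the thread. GigabitEthernet1/0/13 is hypothetical.
SAMPLE = """\
interface GigabitEthernet1/0/12
 switchport mode access
 authentication port-control auto
 mab
!
interface GigabitEthernet1/0/13
 switchport voice vlan 22
 authentication host-mode multi-host
 authentication port-control auto
 mab
"""

def parse_interfaces(config):
    """Return {interface name: [stripped stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return stanzas

def audit_host_mode(config):
    """Return {interface: finding} for ports running 802.1X/MAB port control."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "authentication port-control auto" not in lines:
            continue  # not an authenticated port, nothing to check
        mode = "single-host"  # IOS default when no host-mode line is configured
        for entry in lines:
            m = re.match(r"authentication host-mode (\S+)", entry)
            if m:
                mode = m.group(1)
        if mode == "single-host":
            findings[name] = "single-host: a second MAC on the port is a security violation"
        elif mode == "multi-host":
            findings[name] = "multi-host: only the first MAC is authenticated"
    return findings

if __name__ == "__main__":
    print(audit_host_mode(SAMPLE))
```

Cisco IOS also has `multi-domain` and `multi-auth` host modes, which authenticate the phone and the PC individually; the check above reports neither as a finding.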