Dears
Currently I am conducting a POC on ClearPass and a Cisco switch, and we are facing some problems with authentication.
We are basically doing dot1x using AD for PCs and MAC auth for all the IP phones (Avaya).
We have two services, one for dot1x and one for MAC auth.
We have set up the Cisco switch configuration for multi-auth, MAB and CoA, and everything looks fine.
Also, the port is set to voice VLAN and access VLAN (data).
When a PC connects, it is by default in the data VLAN, and when it's authenticated, the CPPM returns another VLAN, which is the internet and intranet VLAN, and it's authenticated.
When an IP phone connects, it authenticates using MAC auth and the CPPM returns cisco-device-class=voice (or something like that), and the IP phone is successfully connected to the voice VLAN. The problem is the phone cannot get its DHCP...
Although if I configure the port without any authentication (dot1x or MAC auth) and set up the port for voice VLAN and access VLAN, the phone connects and gets its IP normally via DHCP.
I have configured lldp run.
The customer is reluctant to configure anything QoS, although I doubt it would cause this problem.
The enforcement profile for the phone contains the VLAN assignment plus Cisco device traffic, and I tried another one where it returns only Cisco device traffic, and it gave the IP phone its VLAN even faster.
I have rules in enforcement policies based on device category and they're all working fine, and the phone and PCs are all profiled, and even printers worked fine and were profiled.
I have configured IP helper addresses, of course (the phone gets an IP address on an unauthenticated port).
I can't think of something that may cause this problem except some specific commands on the switch's port or a special VSA that needs to be sent from the ClearPass that I can't find anywhere...
So please, urgent help is needed and appreciated.
P.S. I didn't open a case because they take too long. I've been awaiting a reply for 2 days about a failure to profile a Sun thin client, so I matched based on MAC vendor, and I still haven't received any replies.
Cisco switch model is 3750 pd ef 48 ports. Version is 15.0.2se.
ClearPass is 6.5 on an evaluation VM.