03-28-2014 10:57 AM
Am I missing some small step as to what transports the RADIUS credentials over the wire? I have a computer plugged into a 2500 mobility switch, with the port set to tunneled. I then have a AAA profile on the controller that directs toward the ClearPass server.
I see in the Access Tracker that a MAC that is my NIC card is being rejected by the Service I have set up to authenticate. This is happening, I assume, because it is coming through as a MAC and not a RADIUS authentication.
Is there someone that has some example of what the AAA profile should look like? I am assuming that's where it falls short.
03-28-2014 10:59 AM
Do you have an 802.1X profile and server-group specified in your AAA profile?
03-28-2014 11:11 AM
I have the profile set to Default.
I just tried turning MAC Authentication to N/A and that seems to have stopped it from being rejected by the service I set up. However, it now "accepts" it in another service by the MAC.
Attached is a clip of the AAA profile.
03-28-2014 11:15 AM
Did you use the service wizard to create an 802.1X wired service?
03-28-2014 11:19 AM
There is a Wizard? I just went under Configuration > Services > Add
I've attached a clip of the Service Created.
I'm really just trying to do a proof of concept before I start including a lot of rules.
We have 2 Domains that we authenticate to; I don't know if that could add to this issue.
03-28-2014 12:37 PM
Perhaps I don't fully understand the concept. Is it possible to use domain credentials that you log into a machine with and have those passed through to the RADIUS server?
I'm thinking about it and I suppose we make users type in their username and password to access our wireless.
I started thinking down this path because when I open a browser now I get a "Web Authentication is disabled." message.
03-28-2014 12:39 PM
So it sounds like your users are getting dumped into a role with a captive portal.
On Windows you need to enable the Wired 802.1X service. It is disabled by default. Once that is done, on Windows 7 it will automatically try machine auth at the login screen and change to user auth when it reaches the desktop.
03-28-2014 12:46 PM
I don't know why I didn't think about needing to enable 802.1X authentication, but that surely hadn't crossed my mind.
Once I enabled 802.1X on my machine, 802.1X authentication began to work. (Who would have thought?)
For anyone else that may also run into this issue, here is how to enable 802.1X authentication for Windows.
03-28-2014 12:50 PM
If you are doing this on a large scale, you can enable the service and also configure authentication settings via Group Policy.
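
The fix this thread arrives at, enabling the Windows wired 802.1X service, shown as an added PowerShell example that is not part of the original posts. It assumes an elevated prompt on the client; the service in question is Wired AutoConfig (service name `dot3svc`), and `Enable-WiredDot1x` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: turn on Wired AutoConfig (dot3svc), the Windows service that
# acts as the wired 802.1X supplicant. Without it the switch port only ever
# sees the NIC's MAC address, which is what the Access Tracker showed above.

function Enable-WiredDot1x {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # Fail early if the service is missing (e.g. a stripped-down image).
    $svc = Get-Service -Name dot3svc -ErrorAction Stop

    # Start at boot so machine authentication can run at the login screen.
    Set-Service -Name dot3svc -StartupType Automatic

    if ($svc.Status -ne 'Running') {
        Start-Service -Name dot3svc
    }

    # Return the resulting state so a deployment script can log or check it.
    Get-Service -Name dot3svc | Select-Object Name, Status, StartType
}

Enable-WiredDot1x

# With the service running, netsh reports the wired adapters it manages
# and any 802.1X profiles applied to them.
netsh lan show interfaces
netsh lan show profiles
```

After running it, a new attempt from the client should appear in Access Tracker as an 802.1X request rather than a MAC authentication.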