
ClearPass profiling bridged access points



For a customer I'm trying to figure out the following.


The idea is automatic configuration of HP switches by profiling the devices and assigning VLANs through policies. I used a guide I found here. Most of it works great, but I encountered something I'm not able to figure out.


Customer uses locally bridging access points. They are profiling fine and the switchport receives the proper tagged and untagged VLANs.


When an 802.1X client connects to the wifi, it gets authenticated by the wifi controller, but the switch also does profiling. Even with a rule added to allow through roles [user authenticated] and [machine authenticated], the switchport won't open. The client doesn't receive a DHCP address, and with a fixed address I cannot ping the gateway.


A new MAC address connecting through wifi gets blocked by the switch altogether because the endpoint is not known and you can only set a single CoA action in the profiler.


It looks like the switchport won't open or the traffic is not receiving the right VLAN tag. Show port-access client details only shows the AP MAC address; authentication type is mac-based.


I expected it to work the same as a VoIP phone that a wired device is connected to. The phone gets mac-based authentication and the wired client gets port-based authentication.


I'm simulating this using a 7005 and a 105 in bridge mode in my lab. I'm using a 2930F version 16.03. VLANs are tagged on the uplink port.


Anyone got bridged AP profiling working?


