Contributor II
Posts: 40
Registered: ‎05-01-2015

Clearpass profiling bridged access points


Hi,

 

For a customer I'm trying to figure out the following.

 

The idea is automatic configuration of HP switches by profiling the devices and assigning VLANs through policies. I used a guide I found here. Most of it works great, but I encountered something I'm not able to figure out.

 

The customer uses locally bridging access points. They are profiling fine and the switchport receives the proper tagged and untagged VLANs.

 

When an 802.1X client connects to the wifi, it gets authenticated by the wifi controller, but the switch also does profiling. Even with a rule added to allow through roles [user authenticated] and [machine authenticated], the switchport won't open. The client doesn't receive a DHCP address, and with a fixed address I cannot ping the gateway.

 

A new MAC address connecting through wifi gets blocked by the switch altogether because the endpoint is not known and you can only set a single CoA action in the profiler.

 

It looks like the switchport won't open or the traffic is not receiving the right VLAN tag. Show port-access client details only shows the AP MAC address; the authentication type is mac-based.

 

I expected it to work the same as a VoIP phone that a wired device is connected to. The phone gets mac-based authentication and the wired client gets port-based authentication.

 

I'm simulating this using a 7005 and a 105 in bridge mode in my lab. I'm using a 2930F version 16.03. VLANs are tagged on the uplink port.

 

Has anyone got bridged AP profiling working?

 
