Occasional Contributor II

Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Hi everyone.

 

I have 802.1x and MAB set up on the same port using an HP2530 switch. I'm using Clearpass 6.6.8 and the firmware on the switch is 16.04.

 

I would like to use a priority order for the authentication methods. First I would like to authenticate by 802.1x and, if that fails, continue with MAB. I can see that both methods are used at the same time. As a result, some clients end up in a guest VLAN for a few seconds before they finally end up in the correct VLAN using 802.1x. If I were to use a Cisco switch I would be able to set the authentication order in the switch config, but is that possible when using an HPE/Aruba switch? If not, do you have any suggestions to resolve it in some other way?

 

Some of the config:

aaa authentication port-access eap-radius server-group "CPPM" cached-reauth
aaa authentication mac-based chap-radius server-group "CPPM"

aaa port-access authenticator 1-4
aaa port-access authenticator 1 quiet-period 30
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 logoff-period 86200

aaa port-access authenticator active

aaa port-access mac-based 1-4
aaa port-access mac-based 1 addr-limit 10
aaa port-access mac-based 1 logoff-period 862400
aaa port-access mac-based 1 quiet-period 30
aaa port-access mac-based 1 auth-vid 10

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

No, this is not possible today.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

And what's the order if you have all the above and throw in the ClearPass captive portal to the mix?

 

aaa authentication captive-portal profile PROFILE url https://portal.com

aaa authentication captive-portal enable
aaa port-access authenticator active

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Occasional Contributor II

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Rumor has it that the feature to select order will show up in 16.06.

-Petter
New Contributor

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?


@petter.miller wrote:
Rumor has it that the feature to select order will show up in 16.06.

-Petter

Hello Peter,

Do we have any news about MAB in release 16.06?

Thank you!

Michal

Occasional Contributor II

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

As far as I know 16.06 is still not released. I'm waiting for it...

 

-Petter

Aruba Employee

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Aruba's Wired Intelligent Edge Switching Product Management team is currently looking into adding this feature to ArubaOS-Switch.  

 

JUSTIN NOONAN
TECHNICAL MARKETING ENGINEER – ARUBA WIRED INTELLIGENT EDGE
O: +1 916 540 1748   |   justin.noonan@hpe.com

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747 USA

New Contributor

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Hi Justin,

 

Any update on this one? I don't see any detail on this in the initial 16.06 release. Been seeking this feature for years!

 

Regards

Jono

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

It will not be in 16.06.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480