11-27-2017 04:02 AM
I have 802.1x and MAB set up on the same port using a HP2530 switch. I'm using Clearpass 6.6.8 and the firmware on the switch is 16.04.
I would like to use a priority order for the authentication methods. First I would like to authenticate by 802.1x and if that fails continue with MAB. I can see that both methods are used at the same time. This results in that some clients end up in a guest VLAN for a few seconds before they finally end up in the correct VLAN using 802.1x. If I were to use a Cisco switch I would be able to set the authentication order in the switch config but is that possible when using a HPE/Aruba switch? If not, do you have any suggestions to resolve it in some other way?
Some of the config:
aaa authentication port-access eap-radius server-group "CPPM" cached-reauth
aaa authentication mac-based chap-radius server-group "CPPM"
aaa port-access authenticator 1-4
aaa port-access authenticator 1 quiet-period 30
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 logoff-period 86200
aaa port-access authenticator active
aaa port-access mac-based 1-4
aaa port-access mac-based 1 addr-limit 10
aaa port-access mac-based 1 logoff-period 862400
aaa port-access mac-based 1 quiet-period 30
aaa port-access mac-based 1 auth-vid 10
Solved! Go to Solution.