Security

Reply
Occasional Contributor I

Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Hi everyone.

 

I have 802.1x and MAB set up on the same port using a HP2530 switch. I'm using Clearpass 6.6.8 and the firmware on the switch is 16.04.

 

I would like to use a priority order for the authentication methods. First I would like to authenticate by 802.1x and if that fails continue with MAB. I can see that both methods are used at the same time. This results in that some clients end up in a guest VLAN for a few seconds before they finally end up in the correct VLAN using 802.1x. If I were to use a Cisco switch I would be able to set the authentication order in the switch config but is that possible when using a HPE/Aruba switch? If not, do you have any suggestions to resolve it in some other way?

 

Some of the config:

aaa authentication port-access eap-radius server-group "CPPM" cached-reauth
aaa authentication mac-based chap-radius server-group "CPPM"

aaa port-access authenticator 1-4
aaa port-access authenticator 1 quiet-period 30
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 logoff-period 86200

aaa port-access authenticator active

aaa port-access mac-based 1-4
aaa port-access mac-based 1 addr-limit 10
aaa port-access mac-based 1 logoff-period 862400
aaa port-access mac-based 1 quiet-period 30
aaa port-access mac-based 1 auth-vid 10

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

No, this is not possible today.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: