Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

This thread has been viewed 7 times

  • 1.  Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Nov 27, 2017 07:02 AM

    Hi everyone.

     

    I have 802.1x and MAB set up on the same port using a HP2530 switch. I'm using Clearpass 6.6.8 and the firmware on the switch is 16.04.

     

    I would like to use a priority order for the authentication methods. First I would like to authenticate by 802.1x and if that fails continue with MAB. I can see that both methods are used at the same time. This results in that some clients end up in a guest VLAN for a few seconds before they finally end up in the correct VLAN using 802.1x. If I were to use a Cisco switch I would be able to set the authentication order in the switch config but is that possible when using a HPE/Aruba switch? If not, do you have any suggestions to resolve it in some other way?

     

    Some of the config:

    aaa authentication port-access eap-radius server-group "CPPM" cached-reauth
    aaa authentication mac-based chap-radius server-group "CPPM"

    aaa port-access authenticator 1-4
    aaa port-access authenticator 1 quiet-period 30
    aaa port-access authenticator 1 auth-vid 10
    aaa port-access authenticator 1 logoff-period 86200

    aaa port-access authenticator active

    aaa port-access mac-based 1-4
    aaa port-access mac-based 1 addr-limit 10
    aaa port-access mac-based 1 logoff-period 862400
    aaa port-access mac-based 1 quiet-period 30
    aaa port-access mac-based 1 auth-vid 10



  • 2.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?
    Best Answer

    EMPLOYEE
    Posted Nov 27, 2017 07:21 AM
    No, this is not possible today.


  • 3.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Feb 19, 2018 09:51 PM

    And whats the order if you have all the above and throw in the CleassPass captive portal to th mix?

     

    aaa authentication captive-portal profile PROFILE url https://portal.com

    aaa authentication captive-portal enable
    aaa port-access authenticator active



  • 4.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    EMPLOYEE


  • 5.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Feb 20, 2018 12:27 AM
    Rumor has it that the feature to select order will show up in 16.06.

    -Petter


  • 6.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted May 15, 2018 10:57 AM
    @petter.millerwrote:
    Rumor has it that the feature to select order will show up in 16.06.

    -Petter

    Hello Peter,

    Do we have any news about MAB in release 16.06?

    Thank you!

    Michal



  • 7.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted May 16, 2018 05:42 AM

    As far as I know 16.06 is still not released. I'm waiting for it...

     

    -Petter



  • 8.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    EMPLOYEE
    Posted May 16, 2018 02:15 PM

    Aruba's Wired Intelligent Edge Switching Product Management team is currently looking into adding this feature to ArubaOS-Switch.  

     

    JUSTIN NOONAN
    TECHNICAL MARKETING ENGINEER – ARUBA WIRED INTELLIGENT EDGE
    O: +1 916 540 1748   |   justin.noonan@hpe.com

    8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747 USA



  • 9.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Jul 03, 2018 08:23 AM

    Hi Justin,

     

    Any update on this one? I don't see any detail on this in the initial 16.06 release. Been seeking this feature for years!

     

    Regards

    Jono



  • 10.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    EMPLOYEE
    Posted Jul 03, 2018 10:55 AM
    It will not be in 16.06.


  • 11.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Jul 03, 2018 01:19 PM
    That is too bad. Have customers that really need the feature to select an authentication order when using MAB together with 802.1x.

    -Petter


  • 12.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?
    Best Answer

    Posted Dec 14, 2018 12:08 AM

    Afternoon, just wanted to update this thread to advise that ArubaOS -Switch 16.08 has been released which adds support for specifying authentication order and priority.

     

    I've had a bit of a play on a lab switch (2930f) with some good success. The 2530 model is also supported.

     

    Cheers

    Jono



  • 13.  RE: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

    Posted Dec 14, 2018 12:42 AM

    Hi.

    I've tried 16.08 in my lab as well and it seems to be working as expected. Good times to be alive! :)

     

    Regards,

    Petter