07-10-2014 12:13 PM
I'm having a few problems with our new 802.1x rollout. I'm using ClearPass with 3400 controllers.
Users are getting blacklisted after one failed authentication. This could happen if they roam between controllers, or if an AD auth fails for some reason.
Can someone comment on best practices in setting up blacklisting? Do I need to use it at all?
I'm guessing that there's some interaction between blacklisting and users getting locked out of AD during a password change?
What are other gotchas?
Can I blacklist some networks and not others, or at least have different settings?
My current setup is unusable.
Thanks for the help,
07-10-2014 12:43 PM
I would remove blacklisting for now.
It is best used when the threshold is below a user's AD lockout count. 802.1x supplicants submit authentications multiple times and can easily get a device blacklisted as a result.
I would get a stable network and then determine how blacklisting fits into it.
Aruba Customer Engineering
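The interaction discussed in this thread, as an added example that is not part of either post and is not Aruba or ClearPass code: a small replay of constructed authentication events showing which trips first, the controller blacklist or the AD lockout. The event data, the `simulate` function, and the counting model (every failed attempt counts against both the client and the account, a success resets both, a blacklisted client's attempts never reach AD) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, in arrival order: (client MAC, AD username, result).
# "alice" has a stale saved password that her supplicant keeps resubmitting;
# "bob" mistypes once and then succeeds.
EVENTS = [("aa:aa:aa:00:00:01", "alice", "fail")] * 6 + [
    ("bb:bb:bb:00:00:01", "bob", "fail"),
    ("bb:bb:bb:00:00:01", "bob", "ok"),
]


def simulate(events, blacklist_after, ad_lockout_after):
    """Replay events and return (blacklisted MACs, locked AD accounts).

    blacklist_after: consecutive failures per client before the controller
        blacklists it (None means blacklisting is disabled).
    ad_lockout_after: consecutive bad passwords before AD locks the account.
    """
    mac_fails = defaultdict(int)
    user_fails = defaultdict(int)
    blacklisted, locked = [], []
    for mac, user, result in events:
        if mac in blacklisted:
            continue  # dropped at the controller, so AD never sees it
        if result == "ok":
            mac_fails[mac] = 0
            user_fails[user] = 0
            continue
        mac_fails[mac] += 1
        user_fails[user] += 1
        if blacklist_after is not None and mac_fails[mac] >= blacklist_after:
            blacklisted.append(mac)
        if user_fails[user] >= ad_lockout_after and user not in locked:
            locked.append(user)
    return blacklisted, locked


if __name__ == "__main__":
    # Threshold of 1: bob is blacklisted for a single typo.
    print(simulate(EVENTS, blacklist_after=1, ad_lockout_after=5))
    # Blacklisting off: the retrying supplicant locks alice out of AD.
    print(simulate(EVENTS, blacklist_after=None, ad_lockout_after=5))
    # Threshold below the AD lockout count: only the misbehaving client stops.
    print(simulate(EVENTS, blacklist_after=3, ad_lockout_after=5))
```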