09-07-2015 01:45 PM
I have read the tech note abput HP Switches Integration with clearpass I have inquiry about can i do both dot1x and MAC authentication on the same port a cisco also I want7 to verify if the below conigs will maek 802.1xx and MAC authebtciation work well or no :
CPPM-2920(config)# radius-server host 10.2.100.161 key my_shared_secret
CPPM-2920(config)# radius-server host 10.2.100.161 dyn-authorization
CPPM-2920(config)# radius-server host 10.2.100.161 time-window 0
CPPM-2920(config)#aaa accounting network start-stop radius server-group radius
CPPM-2920(config)# aaa accounting update periodic 2
CPPM-2920#(config)# dhcp-snooping vlan 1 2 3 4...
CPPM-2920#(config)# dhcp-snooping trust <port-list>
CPPM-2920(config)# aaa authentication port-access eap-radius
CPPM-2920(config)# aaa port-access authenticator active
CPPM-2920(config)# aaa port-access authenticator 6-12 client-limit 1
CPPM-2920(config)# aaa port-access authenticator <port ID list> unauth-period <seconds>
CPPM-2920(config)# aaa port-access mac-based 6-12
CPPM-2920(config)# aaa port-access mac-based 6-12 quiet-period 30
CPPM-2920(config)# aaa port-access mac-based 6-12 auth-vid 710
Solved! Go to Solution.
09-08-2015 04:03 AM
1. Download the latest firmware here: https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9729A
2. Setup your radius server:
radius-server host 192.168.1.17 key "aruba123" radius-server host 192.168.1.17 dyn-authorization
3. Setup mac based and 802.1x-based authentication on ports 9 to 12:
aaa authentication port-access eap-radius server-group "cppm" aaa authentication mac-based chap-radius server-group "cppm" aaa port-access authenticator 9-12 aaa port-access authenticator 9 client-limit 1 aaa port-access authenticator 10 client-limit 1 aaa port-access authenticator 11 client-limit 1 aaa port-access authenticator 12 client-limit 1 aaa port-access authenticator active aaa port-access mac-based 9-12 aaa port-access mac-based 9 client-limit 10 aaa port-access mac-based 10 client-limit 10 aaa port-access mac-based 11 client-limit 10 aaa port-access mac-based 12 client-limit 10
That should be it.
Big shout out to the NE Engineer who's tutorial I used for this configuration verbatim.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
09-11-2015 03:58 AM
I have tested the Configurations and it worked but there is a big issue showedd up:
now I want user to authenticate when he enter his windwos log in credential he will have access now the thing is if domain user is not cached the user enter his credentail and he will not be able to log into domain and Message said domain service is not availble and user can not log into domain so how to solve such a thing.
09-11-2015 04:53 AM
09-11-2015 05:22 AM
But this role will allow any machine authentication directly for example I have printers should be in Printers VLAN and IP phones in Voice VLAN which I have created enforcment profiles for it and enforcment policy for so If I added this enforcment condition will allow access,so Please correct me if I'm wrong and really thank you for your fast response
09-11-2015 05:24 AM
09-11-2015 05:39 AM
the thing is domain user for example windwos 8 can not login to domain on configured 802.1x port (and on this windwos we enable 802,.1x and configured it that widnwos log in uses as the 802.1x ) in 802.1x setting in windows,