06-07-2016 03:03 PM
Hey, Airheads -
First post, frequent lurker. Straight to it:
We're shifting all of our access switching to 802.1x via ClearPass, but in getting the testing completed, I've run into an issue with Endpoint Statuses. Currently, 802.1x requires AD credentials and for the Endpoint to be Known in the Endpoint Repository. Basically, it's the exact same as our (working) wireless environment. All should be well and good, however, there seems to be some kind of mixup with the End-Host Identitiy.
The Event Tracker shows the REJECT status, but also lists the Endpoint Status as Known. So, for all intents and purposes, I should be accepted. The only anomaly I can locate it that the End-Host Identifier lists the device's MAC as 98-5A-EB-XX-XX-XX, whereas on every working device (and every device stored in the Endpoint Repository) is displayed as 985aebxxxxxx.
I've already confirmed on the switch side that the MAC should be unformatted. I tried changing it to Colon to see if the Identifier would correspond, but no such luck. The only field in the Event Tracker that seems to correspond to that is the Calling Station ID, which I've tried to specify as unformatted on the switch as well, but still, no difference.
Google's failed me on any solutions, and I'm probably getting a bit more into the weeds than I'm used to, so any help is appreciated.
I included the Event Tracker export, but it is mildly redacted, for my own peace of mind. :)
Oh - I should also specify that if I remove the Status: Known parameter from Enforcement, everything it peachy keen. I'm also nearly certain it's not something silly like missing the Authorization source (I'm not).
06-14-2016 06:17 AM
Endpoint attributes are looked up based on the value of Connection:Client-Mac-Address-NoDelim which should remove any colons or hyphens in the MAC address.
Looking at your output, you can see the following entries:
Authorization:[Endpoints Repository]:IsProfiled = true
Authorization:[Endpoints Repository]:MAC Vendor = Apple, Inc.
Authorization:[Endpoints Repository]:Status = Known
This would make me believe that a successful lookup against the Endpoint repository was occuring.
Are you able to provide screenshots of your service used for this authentication?
ACDX #98 | ACMP | ACCP