With the following command, you can even define the order of authentication on a per-port basis:
aaa authentication port-access auth-precedence
it is either
dot1x-->mac auth
or
mac auth -->dot1x
BR
Florian
------------------------------
-------------------------------------------------------------------------------
Florian Baaske
-------------------------------------------------------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
-------------------------------------------------------------------------------
Also visit the AirHeads Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ-------------------------------------------------------------------------------
Feel free to visit my personal Blog
https://www.flomain.de------------------------------
Original Message:
Sent: Aug 27, 2021 03:33 AM
From: Unknown User
Subject: AOS-CX Mac Auth and 802.1x
dot1x as primary and mac-authentication as secondary works fine in my deployments running 10.07.0004
Original Message:
Sent: Aug 26, 2021 07:10 PM
From: Scott Jamison
Subject: AOS-CX Mac Auth and 802.1x
Has there been any progress on this feature of doing MAC Auth and Dot1x on the same port? It is critical that people are able to plug in a phone to the wall and have a computer plug into the phone.
I just updated to the latest version 10.08.0001 and it still doesn't seem to work. Both my MAC auth and dot1x work fine individually.
------------------------------
Scott Jamison
Original Message:
Sent: Aug 25, 2020 01:53 PM
From: Rens Kluitmans
Subject: AOS-CX Mac Auth and 802.1x
Hello,
I'm trying to get to a good config for 802.1x and mac authentication on a AOS-CX switch running 10.05.0001 (6200F).
On the same port I would like to use Mac Authentication and dot1x.
I've setup the port as follows:
interface 1/1/2 no shutdown vlan access 1 aaa authentication port-access dot1x authenticator max-eapol-requests 1 max-retries 1 enable aaa authentication port-access mac-auth enable
This works fine if a client doesn't have an 802.1x supplicant enabled or if 802.1x are pre programmed.
If no pre programmed credentials are present windows 10 shows a popup but before one can enter credentials mac auth kicks in.
On procurve this wasn't an issue. 802.1x simply replaced the mac auth but AOS-CX seems to be a lot different in this case.
I can offcourse put the max-eapol-requests and max-retries back to their defaults but then when a non 802.1x clients connects it takes more then 160 seconds to get network access.
If you enable aaa authentication port-access auth-precedence mac-auth dot1x on the port dot1x also never gets triggered if mac-auth already assigned a role to the device.
Any one any suggestions on whats the best approach?
Regards,
Rens