Security

last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aerohive MAC Auth with ClearPass

This thread has been viewed 12 times
  • 1.  Aerohive MAC Auth with ClearPass

    Posted Sep 13, 2021 09:52 AM
    Does anybody have experience setting up MAC Auth for Aerohive Wireless SSID and ClearPass.  We are getting the following error: MAC_AUTH: No password in request. Not attempting MAC authentication

    This same policy works for Aruba devices.  The only thing we are changing between the services is the Aruba-ESSID and the Called Station ID. The SSID on the the Aruba and Aerohive APs are the same.  


    ------------------------------
    Chris Rosing
    ------------------------------


  • 2.  RE: Aerohive MAC Auth with ClearPass

    Posted Sep 13, 2021 11:50 AM
    Can you configure the AP to send the mac address as password? For MACAuth, the switch/AP normally sends the MAC address as the username and also as password. Looks like the AP is not sending any password, which may be configurable at the AP side (sorry don't know those).

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Aerohive MAC Auth with ClearPass

    Posted Sep 14, 2021 03:34 AM
    While triggering MAC Auth from Aerohive, make sure we have MAB with PAP as any other method like CHAP or MSCHAP might not work as Herman suggested because we are expecting the password as MAC address in ClearText.
    The other option you could try is making use of Radius Authorize Only Service Type instead of MAC Auth Service, there we would be skipping the authentication altogether.

    ------------------------------
    SANDEEP YADAV
    Global Escalation Center, ACCP | Aruba Software
    ------------------------------