Check
this post for the answer. You need to (dynamically) switch to port mode after authentication, check the link to see how to do that.
Assuming you have ArubaOS Switches (you mentioned hpe egress).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 26, 2021 03:33 AM
From: Florian Schmalz
Subject: Correct Configuration for APs, Hubs, etc. with MAC Auth
Greetings!
i am currently putting a clearpass in operation on our main site. Last week i faced "major" problem while configuring ports with Access Points. My idea was it to authenticate the APs via MAC Auth - which so far works. The ports get tagged via hpe egress correctly and the access point is online after it got authenticated. But all the clients connected to the ap are also sending authentication requests to the switch / clearpass, which i dont need because the clients already authenticate themselfs via 8021x at the AP.
So what am i missing in my coniguration? I also will be taking ports with hub switches into mac auth and only want the switch to be authenticated.
Best regards
------------------------------
Florian Schmalz
------------------------------