Hello,
I'm experiencing some problems. I'm using ArubaOS switches, local user-roles and Clearpass to authenticate end-user devices. All is working fine but I'm experiencing some problems with ports where I have connected a PC and a VoIP phone.
In the CPPM I can see how both devices are authenticated successfully, PC through 802.1x and phone through MAC auth. The problem is that once both devices have been authenticated and I can reach to both of them, the phone goes down and I lost connection to it.
I can see how roles are successfully applied with their respective vlans, untagged for PC and tagged for VoIP Phone.... I've made a debug on the ArubaOS switch and once all process has been completed I can see this event:
PSEC eDrvPoll:incoming mac <Device mac-address> on port x/xx for vlan x rejected by portsec demux. wma rejects the mac.
m8021xCtrl:Port x/xx: deleted client <client mac-address> User (null) from Client-List
MAC mWebAuth:Port x/xx MAC:<Cliend mac-address> deauthenticating all clients
MAC mWebAuth:Port x/xx MAC:<Cliend mac-address> deauthenticated all clients
In the first event, the vlan x, is not the vlan of the phone, is the default untagged vlan at this port. But previously, I have another event where I can see that this phone has been placed into the voice vlan after the authentication and after applying the user-role.
If I configure the port with the default untagged VLAN and the voice vlan tagged manually, all works fine..... Both devices remain authenticated and I can see with a "show port-access client x/xx detail" both user-roles has been applied and the tagged and untagged vlans applied with their respective user-roles..... but once I delete the tagged vlan at these port it does not work. I can reach to the phone for a few seconds but after the events detailed above... I loss connection with it.
I look forward your feedback.
Thanks in advance.
------------------------------
tech_sec
------------------------------