Hi,
Here is the switch output for the rule with the drop at the end:
show port-access clients detail
Port Access Client Status Details:
Client e8:9a:8f:27:91:33, SYSTEC\vertrieb-test
============================
Session Details
---------------
Port : 1/1/1
Session Time : 51s
IPv4 Address :
IPv6 Address :
VLAN Details
------------
VLAN Group Name :
VLANs Assigned : 26,30
Access : 30
Native Untagged : 30
Allowed Trunk : 26
Authentication Details
----------------------
Status : dot1x Authenticated
Auth Precedence : dot1x - Authenticated, mac-auth - Not attempted
Authorization Details
----------------------
Role : TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
Status : Applied
Role Information:
Name : TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
Type : clearpass
Status: Completed
----------------------------------------------
Reauthentication Period :
Cached Reauthentication Period :
Authentication Mode :
Session Timeout :
Client Inactivity Timeout :
Description :
Gateway Zone :
UBT Gateway Role :
UBT Gateway Clearpass Role :
Access VLAN :
Native VLAN : 30
Allowed Trunk VLANs : 26
Access VLAN Name :
Native VLAN Name :
Allowed Trunk VLAN Names :
VLAN Group Name :
MTU :
QOS Trust Mode :
STP Administrative Edge Port :
PoE Priority :
Captive Portal Profile :
Policy : DUR-Vertrieb_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
Access Policy Details:
Policy Name : DUR-Vertrieb_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
Policy Type : Downloaded
Policy Status : Applied
SEQUENCE CLASS TYPE ACTION
----------- ---------------------------- ---- ----------------------------------
10 DHCP-DNS_TG_Aruba_CX_DUR_... ipv4 permit
30 VLAN25_TG_Aruba_CX_DUR_Ve... ipv4 drop
40 VLAN29_TG_Aruba_CX_DUR_Ve... ipv4 drop
100 alltraffic_TG_Aruba_CX_DU... ipv4 drop
Class Details:
class ip DHCP-DNS_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
10 match udp any eq 67 any
20 match udp any eq 68 any
30 match udp any eq 53 any
class ip VLAN25_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
10 match any any 192.168.25.0/255.255.255.0 count
class ip VLAN29_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
10 match any any 192.168.29.0/255.255.255.0
class ip alltraffic_TG_Aruba_CX_DUR_Vertrieb_restricted-3083-3
20 match any any any
Thanks
------------------------------
Tobias Gabriel
------------------------------
Original Message:
Sent: Feb 10, 2021 02:38 PM
From: Alexis La Goutte
Subject: Aruba CX 6300F with Clearpass DUR Client shows unauthenticated
The output of the command asked for by bkohnhe (show port-access client detail)
------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...
PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)
PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..
ACEP / ACMX #107 / ACDX #1281
Original Message:
Sent: Feb 10, 2021 10:16 AM
From: Tobias Gabriel
Subject: Aruba CX 6300F with Clearpass DUR Client shows unauthenticated
Hi,
Yes, Windows shows unauthenticated on the network adapter...
When I change the ACL seq 100 alltraffic from drop to permit, everything works fine.
The switch shows authenticated on both.
Thanks
Original Message:
Sent: Feb 10, 2021 09:57 AM
From: AutoCreation
Subject: Aruba CX 6300F with Clearpass DUR Client shows unauthenticated
Hi Leon,
when you say the client says unauthenticated, do you mean that Windows shows that on the adapter setting? I would say that is a problem with Windows then, if everything else is working as expected.
What does the switch say when you look into the user with "show port-access client detail"?
------------------------------
AutoCreation
Original Message:
Sent: Feb 09, 2021 07:47 AM
From: Tobias Gabriel
Subject: Aruba CX 6300F with Clearpass DUR Client shows unauthenticated
Hello community,
we have an Aruba CX 6300F switch and a ClearPass running.
We have configured downloadable user roles on the switch and the ClearPass.
After a successful authentication via 802.1X the client shows the status unauthenticated. However, it gets an IP and can access resources on the same network.
The switch displays the status authenticated.
I think the error is in the ACL that is downloaded on the switch.
For the ACL, see picture.
Many thanks