Has anybody come up with a way to force a client to authenticate against a MacAuth service in the case it failed to authenticate against an 802.1x service?
Imagine an unknown client connects to the network and has an 802.1x supplicant enabled, but without correct credentials and/or proper settings.
From what I understand, this client would trigger an 802.1x service (if present) then would fail to authenticate and get rejected, without a chance to try MacAuth.
What I would like is this client to be reliably redirected to a MacAuth service.
Maybe by caching something during the 802.1x service? Or maybe by a combination of NAD config + clever service ordering?
I'll try to achieve this in a lab, but I also wanted to ask you guys.
Thanks in advance
This is 100% dependent on the capability of the NAD. There is nothing ClearPass can do to steer this behavior. I assume you're talking about wired?
Yes I was talking wired, NAD is an HP 5130.
I've gone through some of the docs and to this point I didn't find anything like "If dot1x failed then try MacAuth before setting the port to Unauthorized state".
I still have some testing to do, maybe the switch tries both auth types consecutively anyway (if both are enabled on the port), but I seriously doubt it.
Thanks for the reply
Oh nice! Didn't see that one, thanks a lot :)