I recently created a couple of user roles in clearpass and controller to assign dynamic VLANs based on user group membership in AD, without creating any rule for machine authentication, on testing I found that am not getting the appropriate VLAN, and when I checked clearpass it shows it's applying a machine authentication role instead of a user role authentication. I get the appropriate vlan when I connect to the wifi via my iPhone or a different laptop, how do I resolve such issue? as its affecting a couple of users.
Your problem could be in a number of places.
Do you have "Enforce Machine Authentication" enabled on the Aruba controller?
Do you have any roles or enforcement policies that are tied to machine authentication in ClearPass? By default ClearPass will report devices that have both passed user and machine authentication without switching roles.
Not at the minute. But will check the controller settings.
Chek that the clients have "User authentication"
I recognize this, will test that now. Thanks
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.