Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

802.1x Through IP Phones

  • 1.  802.1x Through IP Phones

    Posted Jul 04, 2018 01:01 PM

    Hello Community! 

     

    I have been searching like crazy for a method in which both (MAC and Port-based) are enabled. 

     

    My scenario is as follows: 

     

    PC/Laptop ------- IP PHONE ----- Aruba Switch ----- Clearpass

     

    Basically, I need to authenticate both (IP PHONE using MAB and laptop using 802.1x). The thing is that when I configured the port, my laptop is not getting any IP address (unauth-vid), so it is not getting authenticated. 

     

    My configuration on the port is as follows: 

    aaa port-access authenticator 25
    aaa port-access authenticator 25 quiet-period 30
    aaa port-access authenticator 25 tx-period 2
    aaa port-access authenticator 25 supplicant-timeout 2
    aaa port-access authenticator 25 server-timeout 10
    aaa port-access authenticator 25 max-requests 3
    aaa port-access authenticator 25 auth-vid 15
    aaa port-access authenticator 25 unauth-period 10
    aaa port-access authenticator 25 client-limit 2
    aaa port-access mac-based 25 addr-limit 2
    aaa port-access mac-based 25 logoff-period 86400
    aaa port-access mac-based 25 quiet-period 30
    aaa port-access mac-based 25 server-timeout 10
    aaa port-access mac-based 25 auth-vid 150
    aaa port-access mac-based 25 unauth-vid 200
    aaa port-access authenticator active

     

    I found a guide, which is: ClearPass Wired Policy Enforcement. To be honest, I see that they enabled a local authorization that enables DHCP and DNS, but I do not understand how they will be assigned to the "initial" VLAN that has access to the features needed to be authenticated. 

     

     



  • 2.  RE: 802.1x Through IP Phones

    Posted May 17, 2019 08:34 AM

    Hello,

     

    You need to add "aaa port-access mixed" to the interface to enable both.



  • 3.  RE: 802.1x Through IP Phones

    Posted Jul 13, 2019 04:00 AM

    Hi, 

    Did that solve the problem?
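
Added example, not part of the thread and not Aruba's own tooling: a Python check that parses the port 25 excerpt from post 1 and lists, per method, whether a bare enable line and the two VLAN IDs are present, and whether the `mixed` line from reply 2 appears. It assumes a bare `aaa port-access <method> <port>` line is what turns a method on (mirroring the authenticator line in the post); `parse` and `audit` are hypothetical names.

```python
import re
# Port 25 lines as posted in the thread (blank lines dropped).
POSTED = """\
aaa port-access authenticator 25
aaa port-access authenticator 25 quiet-period 30
aaa port-access authenticator 25 tx-period 2
aaa port-access authenticator 25 supplicant-timeout 2
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 max-requests 3
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 unauth-period 10
aaa port-access authenticator 25 client-limit 2
aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 logoff-period 86400
aaa port-access mac-based 25 quiet-period 30
aaa port-access mac-based 25 server-timeout 10
aaa port-access mac-based 25 auth-vid 150
aaa port-access mac-based 25 unauth-vid  200
aaa port-access authenticator active
"""
PER_PORT = re.compile(r"^aaa port-access (authenticator|mac-based) (\d+)(?: (\S+) (\S+))?$")

def parse(config):
    """Return (normalized lines, {(port, method): {"enabled": bool, "params": dict}})."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    table = {}
    for m in filter(None, map(PER_PORT.match, lines)):  # global lines do not match
        method, port, key, value = m.groups()
        entry = table.setdefault((port, method), {"enabled": False, "params": {}})
        if key is None:
            entry["enabled"] = True  # assumption: the bare line turns the method on
        else:
            entry["params"][key] = value
    return lines, table

def audit(config):
    """List observations about the excerpt; they are not a diagnosis."""
    lines, table = parse(config)
    notes = []
    if not any(l.startswith("aaa port-access ") and l.endswith(" mixed") for l in lines):
        notes.append("global: no 'mixed' line as suggested in reply 2")
    for (port, method), e in sorted(table.items()):
        if not e["enabled"]:
            notes.append(f"port {port} {method}: parameters set, no bare enable line")
        notes += [f"port {port} {method}: no {vid}"
                  for vid in ("auth-vid", "unauth-vid") if vid not in e["params"]]
    return notes

if __name__ == "__main__": print("\n".join(audit(POSTED)))
```

Run against a fuller `show running-config` excerpt to see the same observations for every port at once.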