I have been searching like crazy for a method in which both (MAC and Port-based) are enabled.
My scenario is as follows:
PC/Laptop ------- IP PHONE ----- Aruba Switch ----- Clearpass
Basically, I need to authenticate both (IP PHONE using MAB and Laptop using 802.1x). The thing is that when I configured the port, my laptop is not getting any IP address (unauth-vid), so it is not getting authenticated.
My configuration on the port is as follows:
aaa port-access authenticator 25
aaa port-access authenticator 25 quiet-period 30
aaa port-access authenticator 25 tx-period 2
aaa port-access authenticator 25 supplicant-timeout 2
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 max-requests 3
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 unauth-period 10
aaa port-access authenticator 25 client-limit 2
aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 logoff-period 86400
aaa port-access mac-based 25 quiet-period 30
aaa port-access mac-based 25 server-timeout 10
aaa port-access mac-based 25 auth-vid 150
aaa port-access mac-based 25 unauth-vid 200
aaa port-access authenticator active
I found a guide, which is: Clearpass Wired policy enforcement. To be honest, I see that they enabled a local authorization that enables DHCP and DNS, but I do not understand how they will be assigned to the "initial" VLAN that has access to the features needed to be authenticated.
You need to add "aaa port-access mixed" to the interface to enable both.
Did that solve the problem?
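Following the reply above, a small audit script can list the ports where both 802.1X (authenticator) and MAC-based authentication are configured but no mixed line is present. This is an added example, not code from the thread or from Aruba; it assumes the per-port form `aaa port-access <port> mixed` and single port numbers rather than port lists, and the sample config is constructed from the port 25 lines in the post.

```python
from collections import defaultdict

# Constructed sample config, modelled on the port 25 lines in the post.
# Port 26 carries the assumed per-port "mixed" line; port 27 is 802.1X only.
SAMPLE_CONFIG = """\
aaa port-access authenticator 25
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 client-limit 2
aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 auth-vid 150
aaa port-access mac-based 25 unauth-vid 200
aaa port-access authenticator 26
aaa port-access mac-based 26 addr-limit 2
aaa port-access 26 mixed
aaa port-access authenticator 27
aaa port-access authenticator active
"""

METHODS = ("authenticator", "mac-based")


def parse_port_access(config):
    """Group 'aaa port-access' lines by port: methods seen, options, mixed flag."""
    ports = defaultdict(lambda: {"methods": set(), "options": {}, "mixed": False})
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["aaa", "port-access"]:
            continue
        if tok[2] in METHODS:
            if tok[3] == "active":          # global enable, not a port setting
                continue
            method, port, rest = tok[2], tok[3], tok[4:]
            ports[port]["methods"].add(method)
            if len(rest) == 2:              # e.g. "auth-vid 15"
                ports[port]["options"][(method, rest[0])] = rest[1]
        elif tok[3] == "mixed":             # assumed form: aaa port-access <port> mixed
            ports[tok[2]]["mixed"] = True
    return dict(ports)


def ports_missing_mixed(config):
    """Ports with both 802.1X and MAC auth configured but no mixed line."""
    return sorted(
        port for port, p in parse_port_access(config).items()
        if set(METHODS) <= p["methods"] and not p["mixed"]
    )


if __name__ == "__main__":
    for port in ports_missing_mixed(SAMPLE_CONFIG):
        print(f"port {port}: authenticator + mac-based configured, mixed not set")
```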