We are currently setting up Clearpass (184.108.40.206931on C2000V platform) and Aruba 2930F/M Switches with WC.16.09.0004. My goal is to keep the config on the Access-Switches as simple as possible. All "brain" should be in Clearpass. So I successfully configured Downloadable User Roles.
Scenario: All Access-Ports on the Swich are configured to authenticate via 802.1X and fallback to MAC-Auth.
Problem: WLAN-Access-Points (Sophos) work fine. But as soon as Clients connect to the AP, Clearpass has to handle multiple MAC-Authentications.
Question: It it possible to disable MAC-Authentication on a access-port where an WLAN-Access-Point is connected by using an (advanced) Aruba User Role sent by CPPM when an AP connect to a access-port?
I hope you got my point ... Otherwise I am happy to answer questions!
AP should not trigger MAC authentication for the clients trying to connect via WiFi unless the SSID is configured to do so. Basically, the request for MAC auth for wireless clients should only come from the NAD (Access Point/Controller) and not the wired switch
Works like a charm! Thank you very much for the fast and useful reply!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.