If you see a different MAC, the device sends out traffic with that different MAC. What type of device is this?
The 802.1X entry should go away after some time (may be few minutes) if the client does not respond to 802.1X.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 03, 2023 03:20 AM
From: TomiCloud
Subject: 2530 Switch MAC Authentication
Thanks Herman, but when device is authenticating through MAC, there are 2 unnecessary entries using 802.1x, one is with different mac, they are not dissapearing. Is there a way to leave only client with MAC auth?
Original Message:
Sent: Aug 03, 2023 02:34 AM
From: Herman Robers
Subject: 2530 Switch MAC Authentication
Take out the commands:
aaa port-access 1 auth-order authenticator mac-basedaaa port-access 1 auth-priority authenticator mac-based
That will bring the behavior back to the default of 'concurrent onboarding'. The switch will try MAC and 802.1X at the same time, 802.1X will take precedence if succeeded.
The MAC entry should disappear after some time for 802.1X authenticated clients.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 02, 2023 05:45 AM
From: TomiCloud
Subject: 2530 Switch MAC Authentication
Hi,
I'm trying to configure RADIUS authentication with Clearpass on Aruba 2530 Switch. I'm trying to use 802.1x and fallback to MAC authentication.
aaa server-group radius "clearpass" host 10.0.80.200
aaa accounting update periodic 3
aaa accounting network start-stop radius server-group "clearpass"
aaa authentication port-access eap-radius server-group "clearpass"
aaa authentication mac-based chap-radius server-group "clearpass"
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access 1 auth-order authenticator mac-based
aaa port-access 1 auth-priority authenticator mac-based
I've created auth-order and auth-priority, but i have problem with 2 things:
- How can I change time after which the authentication switches from 802.1x to MAC? Now, it takes a long time to switch over and authorize device.
- After MAC authorization, there are 2 clients on that port, one type is MAC, and second is 802.1x. What can i do to delete unused 802.1x? I tried switching client limit to 0 on 802.1x auth but i can't do it while MAC auth is turned on. Client status hangs on connecting.Thanks in advance.