Hi
Please share the configuration of your MAC athentication service and the Summary tab from Access Tracker of a succesful MAC authentication.
A guess is that you are using the authentication method [Allow All MAC AUTH], this method will allow any MAC address to connect to the network, and you have to handle authorizations in the Enforcement policy, like only allow specific profiled device type and reject the rest.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Nov 06, 2024 07:07 PM
From: gmann101
Subject: 802.1x & MAB Services Enabled
Hi everyone. I am testing a scenario where I have both WIRED 802.1X and MAB enabled as separate services within ClearPass. I have client PC that is does NOT have EAP-TLS enabled, which fails 802.1X authentication, but is then given access via MAB. My port authentication priority is set so that the client PC attempts to undergo 802.1x authentication first, followed by MAB:
My 802.1x service is configured as follows:
How do I prevent the client PC from authenticating via MAB as the fallback if it fails 802.1x? I only want the MAB policy to take effect for devices which aren't capable of 802.1x. I have confirmed that 802.1x policy does work, when I have the MAB policy disabled within ClearPass. Please advise.