View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aruba 2920 802.1x MAC Auth with Clearpass

This thread has been viewed 13 times
  • 1.  Aruba 2920 802.1x MAC Auth with Clearpass

    Posted Nov 16, 2022 10:10 AM
    I'm attempting to set up 802.1x on our switch fleet and have had no trouble getting EAP-TLS working with domain assets.  However, there are devices that we intend on authenticating with MAC auth.  When sending MAC auth requests to Clearpass I can see that it is using the correct service, policies, and profiles but auth fails every time with the below message.

    Error Code: 209
    Error Category: Authentication Failure
    Error Message: No password in request
    MAC_AUTH: No password in request. Not attempting MAC authentication
    Cannot select appropriate authentication method

    However, even if I specify a password on my test switch for MAC auth using this command "aaa port-access mac-based password" I receive the same message.  Ideally, I'd like to use the global password command from our AOS switch fleet instead of passing the MAC as the password as this would be a bit more secure, but if the MAC gets passed as the password that is fine as well.

  • 2.  RE: Aruba 2920 802.1x MAC Auth with Clearpass

    Posted Nov 16, 2022 06:34 PM
    The switch should be sending the username (MAC) as the password.
    What is the firmware version for 2920 switch?
    Lastly it might be using EAP-MD5 instead, check for EAP-message in incoming Radius request.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.