View Only
last person joined: 23 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aruba 2920 802.1x MAC Auth with Clearpass

This thread has been viewed 11 times
  • 1.  Aruba 2920 802.1x MAC Auth with Clearpass

    Posted 15 days ago
    I'm attempting to set up 802.1x on our switch fleet and have had no trouble getting EAP-TLS working with domain assets.  However, there are devices that we intend on authenticating with MAC auth.  When sending MAC auth requests to Clearpass I can see that it is using the correct service, policies, and profiles but auth fails every time with the below message.

    Error Code: 209
    Error Category: Authentication Failure
    Error Message: No password in request
    MAC_AUTH: No password in request. Not attempting MAC authentication
    Cannot select appropriate authentication method

    However, even if I specify a password on my test switch for MAC auth using this command "aaa port-access mac-based password" I receive the same message.  Ideally, I'd like to use the global password command from our AOS switch fleet instead of passing the MAC as the password as this would be a bit more secure, but if the MAC gets passed as the password that is fine as well.

  • 2.  RE: Aruba 2920 802.1x MAC Auth with Clearpass

    Posted 15 days ago
    The switch should be sending the username (MAC) as the password.
    What is the firmware version for 2920 switch?
    Lastly it might be using EAP-MD5 instead, check for EAP-message in incoming Radius request.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.