Security

 View Only
  • 1.  Clearpass - Dot1x request doesn't get to the CP server

    Posted Sep 12, 2023 08:45 AM

    Hi All,

    I am having some issues with a 5130 switch and authentication with Clearpass.

    The integration between the switch and the CP is working. I have MAC authentication working correctly. 
    And some dot1x request that somehow got to the CP server.

    However, after I authenticated a Windows 10 with dot1x. suddenly it tries to authenticate by MAC - and doesn't send dot1x authentication anymore.

    Of course, it is blocked by the MAC authentication - because it isn't supposed to authenticate this way.

    Here is a screenshot:

    I would like to get some help if anyone knows where the problem could be.



    ------------------------------
    Best regards,
    Alon Haber
    ------------------------------


  • 2.  RE: Clearpass - Dot1x request doesn't get to the CP server

    Posted Sep 12, 2023 08:56 AM

    Do you have the right auth priority set on the switch? dot1x before mac auth?



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Clearpass - Dot1x request doesn't get to the CP server

    Posted Sep 12, 2023 09:06 AM

    I think that it is by default should use dot1x before MAC.
    There is this command:

    mac-authentication parallel-with-dot1x

    But I don't have it under the interface. By default it is disabled.



    ------------------------------
    Best regards,
    Alon Haber
    ------------------------------