I have one problem with MAC authentication on HP 5500 Comware switch. When we are using the domain on switch side the MAC authentication is failing because Strip Username rules on CPPM side is not working. Here is an config example:
# domain default enable aaa# mac-authentication timer offline-detect 600 mac-authentication timer quiet 180 mac-authentication domain aaa#
And CLearPass side:
We cant use the Strip Username Rules with MAC auth?
Thanks and best regards
Do you need to add the mac-authentication domain?
If you do you should be able to strip the domain from the user name in the service on the Authentication tab
Thanks for reply, yes I know that feature, and using it:
But with no effect. It is working well with EAP-TLS authentication, but not with MAC auth.
And yes, customer want to add the auth domain.
Ok, I have to admit that I have not seen this auth domain setting on any of my customers over the 12 years I have been working with ClearPass. So I haven't tried to use it on a MAC authentication
You can change this parameter in your radius profile:
radius scheme radius
primary authentication 10.135.24.100
primary accounting 10.135.24.100
secondary authentication 10.134.24.100
secondary accounting 10.134.24.100
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.