Original Message:
Sent: May 17, 2024 10:40 AM
From: chulcher
Subject: EAP-TEAP Wired User
Is there something in the role mapping policy that is evaluating the endpoint status? I see nothing in the enforcement policy.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: May 17, 2024 09:38 AM
From: OumarCisse
Subject: EAP-TEAP Wired User
Hello @jonas.hammarback
Maybe that is a good idea. I could put a place a polices that evaluate when a device a marked unknown. I will look at that option.
Here are my enforcement and roles screenshots.
I already have devices sync from Intune. But when I pug into the dock, it gets a different Mac address from the dock ethernet card. So Clearness think it is a new device and does not know how to classify it.
You can see from the screenshot that second one is known and the first one is from the docking station.
Thanks
Original Message:
Sent: May 16, 2024 10:24 AM
From: jonas.hammarback
Subject: EAP-TEAP Wired User
Hi
Can you share the configuration of your role mapping and enforcement policies? Do you have any condition in the policies that evaluates if the status is Known?
As Carson mentioned, the status should only have impact in some use cases with MAC authentication, like guest MAC caching.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: May 16, 2024 10:00 AM
From: OumarCisse
Subject: EAP-TEAP Wired User
Hello Guys,
I have configured Teap successfully on wireless. Thank you everyone for their input. I am facing a new problem on the wire side.
At my company we use docking station to plug in our ethernet cable and the docking station as a different MAC address than the wireless one. Every time I tried a new dock,
Clearpass associated the host name to the dock Mac-address but it come up as unknown in the endpoint.
Unless, I make that Mac-address know, Clearness would always reject the computer on the TEAP config. Should I configure the teap differently because it is impossible to note
every docking station mac-address.
Any help would be appreciated.
Thanks