Yeah, that switch is ancient and pre-dates the feature convergence in AOS-S. Don't expect any kind of feature equivalence with more current switches.
Original Message:
Sent: Sep 05, 2024 02:32 AM
From: simox
Subject: Errors on Radius request on Mac-Authentication
Hi Carson,
thanks to reply, my clearpass configuration are like the one you reported:
MAC:
in 802.1X service i not have client-mac-address NOT_EQUALS, i have only nas port type and service-type radius:IETF
MAC, are on top of 802.1x ...... at the moment i have Add service type framed-user also at MAC-auth, in this case work correctly.
When a PC arrives with the certificate it is not in the approved Mac database and therefore fails and switches to the 802.1x service that authorize!
For Information:
The switch that have this problem are a J8165A and have the latest update H.10.119
Original Message:
Sent: Sep 04, 2024 06:54 PM
From: chulcher
Subject: Errors on Radius request on Mac-Authentication
In your service categorization for the MAC auth you can add Framed-User as a Service-Type and use:
Then in the 802.1X service use:
Typical starting point for service categorization of MAC auth on wired, agreed the Framed-User is odd:
802.1X service:
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Sep 04, 2024 06:35 AM
From: simox
Subject: Errors on Radius request on Mac-Authentication
hello, I configured Aruba ClearPass on two 2560 poe model switches but mac-authentication does not work.(other switch work correctly)
I noticed that the radius request that comes to me from the switch has the Service-Type attribute 2 (framed-user) instead of 10, which is call-check like all the other switches, and so it try to connect used Wired - EAP-TLS Certificate Authentication instead of Wired - Mac Authentication.
how can i change the radius request service type attribue for MC auth request?