I have problem with mac-auth some devices, like roger access control device, or unmanaged switch.
After enabling mac auth on port, port is immediately going to state "Port x/x/x is blocked by port access". Device is not trying to authenticate in clearpass. Only when i disable mac auth on port, port is unblocked.
Switch is Aruba 6200F.
the general behaviour is that the port should go into "blocked by port-access" and waits for the device to be ready and then does the MAC auth to ClearPass, then depending on the outcome of the authentication, "show port-access client detail" gives more info on it.
But if the MAC auth is successful then the port will be unblocked.
But that device is not trying to authenticate, so i have nothing on that port in "show port-access clients detail"
what is your interface configuration?
is clearpass sending back a local user role?
No, there is no information about requesting access in Access Tracker, it looks like device is not trying to authenticate.
What does the command: "show port-access clients interface 4/1/15 detail" tell?
And does the device that you connect send traffic? Some (rare) devices don't send any traffic when they are connected to the network. Authentication will happen only on the first data packet sent by a client.
What can i do if that device is not sending any trafic?
Then you can't authenticate is... but if it doesn't send traffic, what is the purpose of the device? What is it for a device?
is it one of those silent devices that only respond to certain incoming traffic?
I think yes, one device is roger devices, which is used to access control, i think that device only request to server requests, and thats the only traffic.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.