Security

hello community,

since the introduction of the new laptops with the new lenovo docking stations we have problems with the clearpass 802.1x authentication.

The clients are authenticated in wired mode.
We have problems with the Lenovo 40B2 docking stations.

In clearpass we only see Mac auths, the clients plugged into the docking station often have to be restarted a few times to see an 802.1x auth with TLS.

We have already found out that the docking station stays permanently connected to the network, apparently because of wacke on lan.
And during this time (even if no client is connected) Mac does auth...

Has anyone ever had a similar problem?
Can this be switched off on the docking stations?
Or is there another workaround?

Many thanks in advance ;-)

------------------------------
Tobias
------------------------------

When I search for that specific docking station, I see more people having this issue. The solution would be that the docking station would perform a 'EAP-Logoff', but that doesn't seem to be implemented. However, there appears to be firmware update for the docking station, which you may try and see if it improves the behavior although the release notes don't show any indication for that. The docking station should bring the link to the switch down if the laptop is disconnected from it.

You may also decrease the reauthentication timeout, so that the switch will require reauthentication more often. This should be balanced against the authentication overhead, and depending on how many of these docking stations you have, could work or may make things even worse.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 04, 2024 06:13 AM
From: Leon123
Subject: Problems with clearpass and new lenovo docking stations

hello community,

since the introduction of the new laptops with the new lenovo docking stations we have problems with the clearpass 802.1x authentication.

The clients are authenticated in wired mode.
We have problems with the Lenovo 40B2 docking stations.

In clearpass we only see Mac auths, the clients plugged into the docking station often have to be restarted a few times to see an 802.1x auth with TLS.

We have already found out that the docking station stays permanently connected to the network, apparently because of wacke on lan.
And during this time (even if no client is connected) Mac does auth...

Has anyone ever had a similar problem?
Can this be switched off on the docking stations?
Or is there another workaround?

Many thanks in advance ;-)

------------------------------
Tobias
------------------------------