Hello Community!
I have been searching like crazy for a method in which both (MAC and Port-based) are enabled.
My scenario is as follows:
PC/Laptop ------- IP PHONE ----- Aruba Switch ----- Clearpass
Basically, I need to authenticate both (IP PHONE using MAB and laptop using 802.1X). The thing is that when I configured the port, my laptop is not getting any IP address (unauth-vid), so it is not getting authenticated.
My configuration on the port is as follows:
aaa port-access authenticator 25
aaa port-access authenticator 25 quiet-period 30
aaa port-access authenticator 25 tx-period 2
aaa port-access authenticator 25 supplicant-timeout 2
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 max-requests 3
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 unauth-period 10
aaa port-access authenticator 25 client-limit 2
aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 logoff-period 86400
aaa port-access mac-based 25 quiet-period 30
aaa port-access mac-based 25 server-timeout 10
aaa port-access mac-based 25 auth-vid 150
aaa port-access mac-based 25 unauth-vid 200
aaa port-access authenticator active
I found a guide which is: Clearpass Wired policy enforcement. To be honest, I see that they enabled a local authorization that enables DHCP and DNS, but I do not understand how they will be assigned to the "initial" VLAN that has access to the features needed to be authenticated.