Security

Reply
Contributor I

802.1x Through IP Phones

Hello Community! 

 

I have been searching like crazy for a method in which both (MAC and Port-based) are enabled. 

 

My Scenario is as follow: 

 

PC/Laptop ------- IP PHONE ----- Aruba Switch ----- Clearpass

 

Basically, I need to authenticate both (IP PHONE using MAB and Laptop using 802.1x). The thing is that when I configured the port, My Laptop is not getting any IP address (unauth-vid) so it is not getting authenticated. 

 

My configuration on the port is as follow: 

aaa port-access authenticator 25

aaa port-access authenticator 25 quiet-period 30
aaa port-access authenticator 25 tx-period 2
aaa port-access authenticator 25 supplicant-timeout 2
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 max-requests 3
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 unauth-period 10
aaa port-access authenticator 25 client-limit 2

 

aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 logoff-period 86400
aaa port-access mac-based 25 quiet-period 30
aaa port-access mac-based 25 server-timeout 10
aaa port-access mac-based 25 auth-vid 150

aaa port-access mac-based 25 unauth-vid  200

 

aaa port-access authenticator active

 

I found a guide which is: Clearpass Wired policy enforcement. To be honest, I see that they enabled a local authorization that enables DHCP and DNS but I do not understand how they will be assing to the "initial" vlan that has access to the feautres needed to be authenticated. 

 

 

Contributor I

Re: 802.1x Through IP Phones

Hello,

 

You need to add " aaa port-access mixed" to the interface to enable both.

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Contributor II

Re: 802.1x Through IP Phones

Hi, 

Did that solve the problem

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: