Security

Reply
New Contributor

Re: Always MAC authentication before 802.1X authentication in Clearpass

Just wanted to point out to anyone reading this thread that we added a feature in Aruba OS Switch release 16.08 to address this.

 

Configurable order and priority of authentication methods

Customers will now be able to precisely control the order in which different authentication methods are attempted and also assign priorities to the methods to have granular control of the authentication process. For more information, see the Access Security Guide.

View solution in original post

Highlighted
MVP

Re: Always MAC authentication before 802.1X authentication in Clearpass

Yup, already tested that.. finaly no more MAC span :D


Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found a post helpful or important? Click the "Thumbs Up" icon to give kudos.
-- Problem Solved? Click "Accept as Solution" in a post.
Highlighted
MVP

Re: Always MAC authentication before 802.1X authentication in Clearpass

Apparently this command was not added to 2920 switches?

 

2920 access security guide v16.08 does not mention it and also the switch itself does not recognize the command :(


Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found a post helpful or important? Click the "Thumbs Up" icon to give kudos.
-- Problem Solved? Click "Accept as Solution" in a post.
Highlighted
MVP Guru Elite

Re: Always MAC authentication before 802.1X authentication in Clearpass


@koen wrote:

Apparently this command was not added to 2920 switches?

 

2920 access security guide v16.08 does not mention it and also the switch itself does not recognize the command :(


Yes from ArubaOS‐Switch Software Feature Support Matrix 16.08, it is not available on 2920...



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: Always MAC authentication before 802.1X authentication in Clearpass

I've tried testing this setting, however I am seeing a (approx.) 60 sec delay when using mac auth.  Anyone else seen this?

I'm testing with the same machine, simply using the 802.1x supplicant (auth happens straight away) and then disabling 802.1x to use mac (auths happens after 60 secs).

 

Using command:

"aaa port-access <port> auth-order authenticator mac-based"

 

As soon as I remove this order from the port, both mac & 802.1x happen straight away!

Thanks in advance!

Highlighted
Aruba Employee

Re: Always MAC authentication before 802.1X authentication in Clearpass

You should also reduce the time how long the switch wait for an 802.1x answer (default 30sec.)

aaa port-access authenticator 2-4 supplicant-timeout 5  (now 5 sec.)

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: