
Authentication mac-based problem

  • 1.  Authentication mac-based problem

    Posted Nov 15, 2018 08:43 AM

    Hello,

     

    I'm beginning to introduce a new 802.1X Wired Service managed by ClearPass Policy Manager on our network.

    I'm using Aruba switches as NADs, for example models 2930F or 2540.

     

    But I'm having some problems with particular devices such as cameras or access control devices when I activate the command: "aaa port-access mac-based"

    The Ethernet cards do not generate traffic, so they do not reach the RADIUS server (CPPM) and are not moved to the right VLAN by CPPM.

     

    I have also tried setting "allow any device" as the default enforcement profile.

     

    I added the following commands in order to activate the cards:

    • aaa port-access mac-based [PORT-LIST]  reauth-period 3600
    • aaa port-access [PORT-LIST] controlled-direction in

    Some devices have come UP and that solved the problem for them, but on the others it had no effect.

     

    So I tried to update the firmware to the latest version, following the suppliers' instructions, without success.

     
    I tried to search for any logs, but even though the device has been started, the NAD does not register anything.

     

    Does anyone have any idea of logs to check or steps to take?

    Thanks in advance for your useful advice!



  • 2.  RE: Authentication mac-based problem

    Posted Nov 29, 2018 08:38 AM

    Hi all,

     

    I want to share how I solved the problem in case someone has the same issue.

    In my case spanning tree protocol is enabled. So for these particular devices I must put the port in admin-edge status and bpdu-protection status.

    After that I can enable the device using the command "aaa port-access NUMBER-PORT controlled-direction in"

    Now the devices can connect to the RADIUS server.

     

    Regards
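
An added example, not part of the thread: a small Python check that reads an ArubaOS-Switch running-config and lists MAC-auth ports that lack any of the three settings from the reply above (admin-edge, BPDU protection, controlled-direction in). The sample config is constructed, and the per-port `spanning-tree <ports> admin-edge-port` / `bpdu-protection` command forms and numeric-only port lists are assumptions.

```python
import re

# Constructed sample of an ArubaOS-Switch running-config (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree 1-2 admin-edge-port
spanning-tree 1 bpdu-protection
aaa port-access mac-based 1-3
aaa port-access mac-based 1-3 reauth-period 3600
aaa port-access 1-3 controlled-direction in
"""

def expand_ports(port_list):
    """Expand a numeric port list such as '1-3,7' into a set of ints."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

# Assumed command forms: the aaa lines quoted in the thread, plus the
# per-port 'spanning-tree <ports> admin-edge-port|bpdu-protection' syntax.
PATTERNS = {
    "mac_based": re.compile(r"^aaa port-access mac-based ([\d,-]+)$"),
    "direction_in": re.compile(r"^aaa port-access ([\d,-]+) controlled-direction in$"),
    "admin_edge": re.compile(r"^spanning-tree ([\d,-]+) admin-edge-port$"),
    "bpdu_protection": re.compile(r"^spanning-tree ([\d,-]+) bpdu-protection$"),
}

def audit(config):
    """Return {port: [missing settings]} for MAC-auth ports that are incomplete."""
    seen = {name: set() for name in PATTERNS}
    for line in config.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.match(line.strip())
            if match:
                seen[name] |= expand_ports(match.group(1))
    findings = {}
    for port in sorted(seen["mac_based"]):
        missing = [n for n in ("admin_edge", "bpdu_protection", "direction_in")
                   if port not in seen[n]]
        if missing:
            findings[port] = missing
    return findings

if __name__ == "__main__":
    for port, missing in audit(SAMPLE_CONFIG).items():
        print(f"port {port}: missing {', '.join(missing)}")
```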