Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM <-> AOS: User role for Access-Points

  • 1.  CPPM <-> AOS: User role for Access-Points

    Posted Oct 07, 2019 09:11 AM

    Hi all,

     

    We are currently setting up Clearpass (6.8.2.109931 on C2000V platform) and Aruba 2930F/M Switches with WC.16.09.0004. My goal is to keep the config on the Access-Switches as simple as possible. All "brain" should be in Clearpass. So I successfully configured Downloadable User Roles.

     

    Scenario: All Access-Ports on the Switch are configured to authenticate via 802.1X and fall back to MAC-Auth.

     

    Problem: WLAN-Access-Points (Sophos) work fine. But as soon as Clients connect to the AP, Clearpass has to handle multiple MAC-Authentications.

     

    Question: Is it possible to disable MAC-Authentication on an access-port where a WLAN-Access-Point is connected by using an (advanced) Aruba User Role sent by CPPM when an AP connects to an access-port?

     

    I hope you got my point ... Otherwise I am happy to answer questions!

     

    Best regards

    Stefan



  • 2.  RE: CPPM <-> AOS: User role for Access-Points

    EMPLOYEE
    Posted Oct 07, 2019 01:06 PM

    AP should not trigger MAC authentication for the clients trying to connect via WiFi unless the SSID is configured to do so. Basically, the request for MAC auth for wireless clients should only come from the NAD (Access Point/Controller) and not the wired switch.



  • 3.  RE: CPPM <-> AOS: User role for Access-Points
    Best Answer

    EMPLOYEE
    Posted Oct 07, 2019 08:23 PM

    Screen Shot 2019-10-07 at 8.22.03 PM.png



  • 4.  RE: CPPM <-> AOS: User role for Access-Points

    Posted Oct 09, 2019 04:01 AM

    Works like a charm! Thank you very much for the fast and useful reply!