Hi
I deployed CPPM solution for 802.1X and MAB auth. Everything works but I have one issue - CPPM doesn't responding for requests with bad Password/non-known MAC.
My service & Policies configuration:
Authentication Method Allow All MAC AUTH
Authentication Source Endpoint Repository
Enforcement Type RADIUS
Enforcement Policy (Authentication:MacAuth EQUALS KnownClient) => Enforcement Profile Allow Access Profile
Default Profile Deny Access Profile
1) Above service 'TEST MAC' is configured and my Radius MAC-Auth request matches to that SERVICE Rule which I see in syslog from CPPM and Access-Tracker:
Syslog returns: Service classification result = TEST MAC
Access-Tracker returns: Output
Enforcement Profiles: [Deny Access Profile]
System Posture Status: UNKNOWN (100)
Audit Posture Status: UNKNOWN (100)
Alerts
Error Code: 206
Error Category: Authentication failure
Error Message: Access denied by policy
Alerts for this Request
RADIUS [Endpoints Repository] - localhost: User not found.
Applied 'Reject' profile
2) Request doesn't match Enforcement Policy, as MAC is not-Known then Enforcement Profile Deny Access Profile is used
And my Radius client doesn't receive any response. Just Radius timeout. I adjusted timeout to even 30 seconds , but no resonse at all. Tested same scenario with FreeRadius which responding Access-Reject to not known user/MAC and I'm expecting same behevior from CPPM. What I should change to archive this ?
I'm using ClearPass Policy Manager 6.5.5.78974