Hello
We have recently implemented ClearPass in our environment and are facing some issues with endpoint authentications.
Here is my port configuration which applies to all access ports connecting to domain PCs and Cisco phones:
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 15
dot1x max-req 3
dot1x max-reauth-req 3
spanning-tree portfast
And the issues we are facing are:
1. All my Cisco phones are sending the authentication request to ClearPass multiple times a day, and during the reauthentication some random phones get a REJECT and end up registering on the voice gateway instead of Call Manager; after a few seconds, when the same phone sends the auth request again, it gets an ACCEPT and registers normally on CUCM.
Now I'm not sure if I'm missing any cmd on the switch port, or do I need to configure something for the phones on Call Manager so the phones don't send any reauth request until something is changed on the switch port?
2. All my PCs, even though they are configured for dot1x, send out the MAC auth request first and get a reject, and right after that they get an ACCEPT on dot1x. Again, is there any cmd missing on the switch port, and why do the PCs also send the auth request multiple times a day?
I have opened a support case with Aruba TAC; they looked at the ClearPass configuration and don't see anything wrong with it. Also, according to TAC, the endpoint shouldn't send the auth request again and again until something changes on the port, i.e. reboot of the endpoint, connect/disconnect, etc.
And Cisco TAC is saying the same: configuration looks good, nothing wrong with the ports on the switch, and they don't see anything in the logs.
Can someone please advise what we should be doing here to resolve this issue, or if someone else has faced a similar issue and had a fix for it?
Thanks