Occasional Contributor II

Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Hi everyone.

I have 802.1x and MAB set up on the same port using a HP2530 switch. I'm using Clearpass 6.6.8 and the firmware on the switch is 16.04.

I would like to use a priority order for the authentication methods. First I would like to authenticate by 802.1x and, if that fails, continue with MAB. I can see that both methods are used at the same time. As a result, some clients end up in a guest VLAN for a few seconds before they finally end up in the correct VLAN using 802.1x. If I were to use a Cisco switch I would be able to set the authentication order in the switch config, but is that possible when using a HPE/Aruba switch? If not, do you have any suggestions to resolve it in some other way?

Some of the config:

aaa authentication port-access eap-radius server-group "CPPM" cached-reauth
aaa authentication mac-based chap-radius server-group "CPPM"

aaa port-access authenticator 1-4
aaa port-access authenticator 1 quiet-period 30
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 logoff-period 86200

aaa port-access authenticator active

aaa port-access mac-based 1-4
aaa port-access mac-based 1 addr-limit 10
aaa port-access mac-based 1 logoff-period 862400
aaa port-access mac-based 1 quiet-period 30
aaa port-access mac-based 1 auth-vid 10
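
To see which clients are affected by the behaviour described in the post above (MAC authentication placing a client in one VLAN a few seconds before 802.1X moves it to another), the following added example, which is not part of the original thread, scans authentication events for that pattern. The CSV layout, method labels, MAC addresses and VLAN IDs are constructed for illustration and are not a ClearPass or ArubaOS-Switch export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical CSV layout:
# timestamp, client MAC, switch port, auth method, assigned VLAN
SAMPLE_EVENTS = """\
2018-03-01T08:00:01,AA:BB:CC:00:00:01,1,mac-auth,99
2018-03-01T08:00:04,aa:bb:cc:00:00:01,1,dot1x,20
2018-03-01T08:05:00,aa:bb:cc:00:00:02,2,mac-auth,99
2018-03-01T08:07:30,aa:bb:cc:00:00:03,3,dot1x,20
2018-03-01T08:09:00,aa:bb:cc:00:00:04,4,mac-auth,99
2018-03-01T08:12:00,aa:bb:cc:00:00:04,4,dot1x,20
"""


def find_vlan_flaps(text, window_seconds=30):
    """Return (mac, port, first_vlan, final_vlan, seconds) for each client
    that a MAC-auth result placed in one VLAN and an 802.1X result moved
    to a different VLAN within window_seconds."""
    window = timedelta(seconds=window_seconds)
    # Drop blank or malformed rows, then order by ISO timestamp.
    rows = [r for r in csv.reader(io.StringIO(text)) if len(r) == 5]
    rows.sort(key=lambda r: r[0])

    last_mab = {}  # (mac, port) -> (time, vlan) of the latest MAC-auth result
    flaps = []
    for ts, mac, port, method, vlan in rows:
        when = datetime.fromisoformat(ts.strip())
        key = (mac.strip().lower(), port.strip())
        method, vlan = method.strip(), vlan.strip()
        if method == "mac-auth":
            last_mab[key] = (when, vlan)
        elif method == "dot1x" and key in last_mab:
            mab_time, mab_vlan = last_mab.pop(key)
            delta = when - mab_time
            # Only a VLAN change shortly after MAC-auth counts as a flap;
            # a later 802.1X login is treated as a separate session.
            if vlan != mab_vlan and delta <= window:
                flaps.append((key[0], key[1], mab_vlan, vlan,
                              int(delta.total_seconds())))
    return flaps


if __name__ == "__main__":
    for flap in find_vlan_flaps(SAMPLE_EVENTS):
        print(flap)
```
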

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

No, this is not possible today.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

And what's the order if you have all the above and throw in the ClearPass captive portal to the mix?

aaa authentication captive-portal profile PROFILE url https://portal.com

aaa authentication captive-portal enable
aaa port-access authenticator active

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Occasional Contributor II

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Rumor has it that the feature to select order will show up in 16.06.

-Petter
New Contributor

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?


@petter.miller wrote:
Rumor has it that the feature to select order will show up in 16.06.

-Petter

Hello Peter,

Do we have any news about MAB in release 16.06?

Thank you!

Michal

Occasional Contributor II

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

As far as I know 16.06 is still not released. I'm waiting for it...

-Petter

Aruba Employee

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Aruba's Wired Intelligent Edge Switching Product Management team is currently looking into adding this feature to ArubaOS-Switch.

JUSTIN NOONAN
TECHNICAL MARKETING ENGINEER – ARUBA WIRED INTELLIGENT EDGE
O: +1 916 540 1748   |   justin.noonan@hpe.com

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747 USA

New Contributor

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

Hi Justin,

Any update on this one? I don't see any detail on this in the initial 16.06 release. Been seeking this feature for years!

Regards

Jono

Guru Elite

Re: Clearpass wired 802.1x and MacAuth on HP2530 switch - Priority order?

It will not be in 16.06.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
