
Clearpass - wired MAC authentication

  • 1.  Clearpass - wired MAC authentication

    Posted Jul 20, 2020 07:59 AM

    Hello,


    I have a problem with MAC authentication. MAC authentication works fine when the device is connected via an Aruba switch, but it does not work on another manufacturer's switch.

    I don't know if that is the case, but with MAC authentication via the Aruba switch, the username in ClearPass RADIUS requests is always in lowercase (Radius:IETF:User-Name aabbccddeeff), while RADIUS requests from the other switch use uppercase (Radius:IETF:User-Name AABBCCDDEEFF).

     

    And I get this error:

    Error Code: 204

    Error Category: Authentication failure

    Error Message: Failed to classify request to service

    Alerts for this Request

    RADIUS Service Categorization failed

     

    MAC authentication service:

    Radius:IETF NAS-Port-Type BELONGS_TO Ethernet (15), Wireless-802.11 (19)

    Radius:IETF Service-Type BELONGS_TO Login-User (1), Call-Check (10)

    Connection Client-Mac-Address EQUALS %{Radius:IETF:User-Name}

     

     

    So is the problem the MAC format, and is this why the service cannot be categorized? Or..? How can I solve this problem?



  • 2.  RE: Clearpass - wired MAC authentication

    Posted Jul 20, 2020 08:54 AM
    What vendor are you using?



  • 3.  RE: Clearpass - wired MAC authentication

    Posted Jul 20, 2020 10:23 AM

    Netgear



  • 4.  RE: Clearpass - wired MAC authentication

    MVP EXPERT
    Posted Jul 20, 2020 01:17 PM

    Look at the RADIUS request and see if the service rules match. If they don't, change them.



  • 5.  RE: Clearpass - wired MAC authentication
    Best Answer

    Posted Jul 21, 2020 09:08 AM

    SOLUTION:

    In Service Rules, one of the conditions did not match. If I remove: Radius:IETF Service-Type BELONGS_TO Login-User (1), Call-Check (10), then MAC authentication works via the Netgear switch too.
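
Added example, not part of the thread and not ClearPass code: a small Python model of the service rules quoted in the first post, evaluated with match-all logic against two constructed requests, to show which condition blocks categorization. The thread never shows the Netgear request, so its Service-Type value (Framed-User (2)), the Client-Mac-Address values, and the case-insensitive MAC comparison are assumptions of this sketch.

```python
import re

# Service rules quoted in the first post: (attribute, operator, operand).
SERVICE_RULES = [
    ("Radius:IETF:NAS-Port-Type", "BELONGS_TO", {"Ethernet (15)", "Wireless-802.11 (19)"}),
    ("Radius:IETF:Service-Type", "BELONGS_TO", {"Login-User (1)", "Call-Check (10)"}),
    ("Connection:Client-Mac-Address", "EQUALS", "%{Radius:IETF:User-Name}"),
]

def norm_mac(value):
    """Drop separators and case for 12-hex-digit values (assumed comparison rule)."""
    hexonly = re.sub(r"[^0-9A-Fa-f]", "", value)
    return hexonly.lower() if len(hexonly) == 12 else value

def expand(operand, request):
    """Substitute %{Attribute} references with values from the request."""
    return re.sub(r"%\{([^}]+)\}", lambda m: request.get(m.group(1), ""), operand)

def failed_conditions(request, rules=SERVICE_RULES):
    """Return the conditions that do not match; an empty list means the service is selected."""
    failed = []
    for attr, op, operand in rules:
        actual = request.get(attr)
        if actual is None:
            ok = False  # a missing attribute can never satisfy a condition
        elif op == "BELONGS_TO":
            ok = actual in operand
        elif op == "EQUALS":
            ok = norm_mac(actual) == norm_mac(expand(operand, request))
        else:
            raise ValueError(f"unsupported operator {op}")
        if not ok:
            failed.append((attr, op, actual))
    return failed

# Constructed sample requests (not captured from the thread's environment).
ARUBA = {"Radius:IETF:NAS-Port-Type": "Ethernet (15)",
         "Radius:IETF:Service-Type": "Call-Check (10)",
         "Radius:IETF:User-Name": "aabbccddeeff",
         "Connection:Client-Mac-Address": "aabbccddeeff"}
NETGEAR = {"Radius:IETF:NAS-Port-Type": "Ethernet (15)",
           "Radius:IETF:Service-Type": "Framed-User (2)",   # assumed value
           "Radius:IETF:User-Name": "AABBCCDDEEFF",
           "Connection:Client-Mac-Address": "AA-BB-CC-DD-EE-FF"}

if __name__ == "__main__":
    for name, req in (("aruba", ARUBA), ("netgear", NETGEAR)):
        print(name, failed_conditions(req) or "service matched")
```

Comparing the failed condition with the Service-Type value shown for the request in Access Tracker tells you whether to add that value to the BELONGS_TO list instead of removing the condition entirely.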