Security

Hello,

 

I am setting up ClearPass in test environment. I am using AD based   authentication (username-password). I have created a wired 802.1x service. The service is in monitor mode but as soon as I enable 802.1x on the switch, the clients loose network access.

 

I mean the users are already authenticated against AD and had network access before 802.1x was enabled. Why does it lose access when 802.1x is enabled on the switch? 

 

Am I missing something? Should the enpoints be restarted after enabling 802.1x on the switch in order for them to reauthenticate?

Hi, 

 

What do you see in access tracker?

I see access reject messages.

Hi, 

 

Please share snapshot of your role mapping and enforcement policies

Hello Ronin,

 

Thanks for your reply. I do not have access to the UI as of now. I will be sending it when I have the access.

In general should monitor mode affect network access simply because 802.1x is enabled on the switchport?

No it shouldnt. Its usually recommended to start with monitor mode if you
are unclear of what effects it might have on the network.

In your case it is indeed going against desired result

Also please share the make/model of switch and configuration you are doing on it

Sure Ronin. I will be back with the required details. Thanks

In addition to the role mapping and enforcement, in access tracker under the reject messages you are getting, is there an alerts tab? If there is, what alerts are there?