Dear community,
today I made my first expierience with Aruba Clearpass.
At first I would like to use a simple wired mac authentication configuration.
If an endpoint has a special attribut, e.g. "VOIP" he will receive a special VLAN and the session will be authenticated on the switch port.
I already created the roles, role mappings, profiles and a policy.
In the access tracker we can see, that the client on the switch has been authenticated successfully and that the correct VLAN has been send to the switch: Radius Response: "Radius:Aruba:Aruba-User-Vlan 230"
But on the switch we do not see the correct VLAN. Only the following:
switch-stack-3# sh port-access 1/11 mac-based clients detailed
Port Access MAC-Based Client Status Detailed
Client Base Details :
Port : 1/11
Client Status : authenticated Session Time : 6 seconds
MAC Address : 805ec0-1b84d3 Session Timeout : 0 seconds
IP : n/a
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 1 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 100FDx Auth Mode : User-based
RADIUS ACL List : No Radius ACL List
Auth Order : Not Set
Auth Priority : Not Set
LMA Fallback : Disabled
The switch configuration looks like this:
switch-stack-3# sh run | inc radius
radius-server host 172.X.X.X key "secret"
radius-server host 172.X.X.X dyn-authorization
radius-server host 172.X.X.X time-window 600
aaa authentication port-access eap-radius
interface 1/11
untagged vlan 1
aaa port-access mac-based
aaa port-access mac-based addr-limit 2
aaa port-access mac-based addr-moves
aaa port-access mac-based unauth-vid 999
exit
Has anybody an idea what could be wrong?
Thanks and best regards
Alex
