Hi Colin,
both were previously configured but our external supplier, but i can access and change configuration on both device.
to be more clear, we have a CA certificate installed on clearpass and on machine in trusted root, AD as source for auth.
and cisco switch global:
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.20.0.23 server-key 7 ****************
port 3799
auth-type all
crypto pki certificate chain TP-self-signed-1980940132
certificate self-signed 01
***
quit
network-policy profile 1
voice vlan 126 cos 4
dot1x system-auth-control
port configured as:
interface GigabitEthernet1/0/3
switchport access vlan 105
switchport mode access
switchport voice vlan 126
switchport port-security maximum 2
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
tell me if you need more.
Marco