I am trying to configure clearpass, for mac authentication for guest access, but have having trouble triggering the "guest mac authentication service.
I used the "guest mac authentication" template to create the service "mac authentication" and "guest access with mac caching"
The "guest access with mac caching service is matched in the access tracker, authenticates me against the "guest user repository" updates the endpoint to known etc, and sends the correct role to the controller in order to allow me to access the guest services/internet etc.
I have followed various implementation guides and other posts on here but I cannot get the "mac authentication service to trigger"
Not even to deny a host that has never connected.
The mac authentication is set as shown below:
Service tab
type mac authentication
Service rule: match all
type: connection name: client-mac-address operator: EQUALS Value: %{radius:IETF:User-name}
type: RadiusAruba name:Aruba-Essid-Name operator: EQUALS Value: Lab_GUEST
Authentication
Methods = [MAC AUTH]
Authentication sources [Endpoints repository] [local SQL DB]
Authorisation
Authorisation source [insight repository] [local SQL Db]
I have seen in other posts that not having "Insight enabled" can cause problems but this is enabled, Checks after I have authenticated show that my device is changed to a known device etc, but I still don't get hits on the access tracker for my "mac auth service"
Any ideas or suggestions would be greatly appreciated.