Security

I'm trying to test mac based authentication with my 2930f and clearpass and I simply cannot get the switch to authenticate via radius.

In the event viewer, I have lots of "RADIUS authentication attempt from unknown NAD x.x.x.x:1812 (where x.x.x.x is the ip address of the switch) as soon I plug a phone into port 1.

I have double checked the key on the switch, as well as the radius shared-secret on the device and they are _identical_.

snippet from switch;

aaa server-group radius "Clearpass" host 1.1.1.3
aaa accounting update periodic 5
aaa accounting network start-stop radius server-group "Clearpass"
aaa authentication port-access eap-radius server-group "Clearpass"
aaa authentication mac-based chap-radius server-group "Clearpass"
aaa port-access authenticator 1
aaa port-access authenticator 1 tx-period 10
aaa port-access authenticator 1 supplicant-timeout 10
aaa port-access authenticator 1 client-limit 3
aaa port-access authenticator active
aaa port-access mac-based 1
aaa port-access mac-based 1 addr-limit 2

The clearpass service i'm testing against is type radius, mac authentication template - authentication methos all MAC AUTH.

you may need to add your switch as Device to Clearpass and configure the secret, etc accordingly

Hi Martin,

 I've double checked. The radius key on the switch and the radius shared-secret on the device in clearpass is identical :(

unknown NAD normally means Clearpass is not aware of the switch or AP. Maybe wrong IP of the Switch in the Device config  in Clearpass?

Is the issue fixed?

If yes, let me know how it got resolved.