Security

i have connected a new switch(its a 24 port switch) to my network and its been 4 days and no user roles have been downloaded.

the switch has been added to clearpass.

no error logs on the switch relating to why user roles are not downloading.

user role download is set to enable

running clearpass 6.7

what and where do i need to check on why its not downloading the user role

is there a way to check if the device has been authenticated?

what can i check?

surely it shouldnt take 4-5 days to authenticate

can you be bit more descriptive.

am i checking if the switch is authenticating?

is there anything in the switch side i need to check to make sure if all the config is good or not

Did you follow the Wired Policy Enforcement Guide? Or this video on the Airheads Broadcasting Channel?

Some basic things to check:

- Does the port do authentication at all? show port access clients / show port access clients <port-number> detailed 

- Is the switch local clock synchronized? show ntp status

- Does the switch get the ClearPass root CA as trust anchor? show crypto pki ta-profile

- Did you configure the switch with the ClearPass Downloadable Role admin credentials? 

appreciate your detailed questions.

to answer them i found that i did not have the cert installed and as soon as i installed it downlaoded 1 of 2 user roles.

i am still waiting for the switch to dwonload the 2nd role.

i would imagine this would answer all of your questions.

 i cant find anywhere in the logs in terms of why its not downloading the 2nd role. this switch is a replica of another switch which has downloaded the all other roles

What version of firmweare are you runnig on the switch. If you use 16.8.3  and configure your radius servers to be clearpass servers then the cert download will happen automagically.

ning 16.8.1