New Contributor

clearpass+HPE comware gives issues

Hello All,

We recently started to use clearpass ta acces our network with dot1x. With ARABU switches everything wordks like it is suposed to, with HPE Comware switches we have several issues.


1. We use MAC exceptions for devices which doesn't support, if they enter sleep mode and come online again their access is gone and they are redirected to the landing VLAN for unknown devices which is our guest network.

2. If we boot our WIN10 PC's they connect trough the PC certificate installed on the machine, till then everything works. But if the user login the authentication process strats over. even though MAC and DOT1X are running paralel the switch will get an answer that the device is unauthenticated and therefor it is placed in the Landing VLAN. Only if disconnect the cable and plug it in again we gain access to our regular LAN. Same happens if PC comes out of sleep and hibernate mode.


What is wrong or what did we missed during configuration?


Below a port config and a DOT1Xconfig


interface GigabitEthernet3/0/14
description 03A-129
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 9xxx untagged
port hybrid pvid vlan 9xxx
mac-vlan enable
stp edged-port
undo dot1x handshake
dot1x mandatory-domain clearpass
undo dot1x multicast-trigger
dot1x re-authenticate
dot1x auth-fail vlan 3xxx
dot1x re-authenticate server-unreachable keep-online
mac-authentication max-user 3
mac-authentication domain clearpass
mac-authentication re-authenticate server-unreachable keep-online
mac-authentication guest-vlan 3xxx
mac-authentication critical vlan 3xxx

mac-authentication host-mode multi-vlan
mac-authentication parallel-with-dot1x
mac-authentication re-authenticate
port-security max-mac-count 3
port-security port-mode userlogin-secure-or-mac-ext

dot1x authentication-method eap
dot1x retry 5
dot1x timer handshake-period 60
dot1x timer supp-timeout 60
dot1x timer tx-period 60
mac-authentication timer offline-detect 60
mac-authentication timer quiet 1
mac-authentication domain clearpass
mac-authentication timer reauth-period 60



Jurgen Dendas

Search Airheads
Showing results for 
Search instead for 
Did you mean: