Hey everyone!
Joseph were absolutely right.
You don´t need a specific server rule on the controller, like I wrote yesterday.
Today morning I removed the server rule from controller and I wanted to test the authentication in interaction with the debug log (like Joseph wrote yesterday)
I was really confused, that even I´ve removed the server rule, the authentication has been succsessful.
Then I remembered that I also made changes in the AAA-Profil and also in the 802.1X-Profil.
I had before following settings (cause I didn´t know it better)
Cause I didn´t know what these roles are doing I thougth, that I just have to take a role, where nothing is in it and the system don´t have any restrictions (cause no restrictions were made in these role).
But I was so wrong in this.
A role, which is empty, deny any traffic, cause the role don´t know what to do.
After that, I changed the settings in a default role, which has the value "allow all" and suddenly I have connection and everything works fine.
I also understood, that I have to set the "802.1X Authentication Default Role" in AAA-profile with a role, which has connection to ClearPass and a DHCP-server.
The only thing I don´t understand for now is the difference between "802.1X Authentication Default Role" in AAA-profile and the "Machine Authentication: Default Machine / User Role" in 802.1X-profile.
Maybe someone can tell me that.
But anyway, I think now everything works like I want.
Many thanks to all.
PS. Maybe someone has a "Best Practice" for settings in Aruba Controller in interaction with ClearPass.
Cause should I "open" my controller and set all ACL´s on swich or should I set ACL´s with ClearPass roles?
A paper with best practices would be very useful
Regards
Falk