Security

Who Me Too'd this topic

Frequent Contributor II

802.1x and profiling port 2920 and Clearpass

Hi!

 

I´m setting up 802.1x for employees and mac-auth for profiling and guestaccess on wired ports on a aruba 2920 switch with clearpass.

Been using "Wired Policy Enforcement solution guide", excelent guide btw.

 

I´ve setup a service for mac auth (allow all mac) and a service for 802.1x.

It´s working fine in practice from what I can see in my lab right now.But I´m a bit worried since I´m seeing some mac-auths hitting the mac-auth service alongside the 802.1x service at almost the same time for my 802.1x configured client.

 

I´ve tried changing quiet-period for mac auth on the port, but makes no difference.

 

Is this normal ? It doesnt seem to affect the client, it stays on the employee network all the time. mac-auth does send out captiveportal for the client since it doesnt fit any guestroles in the mac service, but the correct 802.1x vlan seems to stay the same on the switch regardless. But I want to be sure before going forwards with deployment.

 

oh, and I´m not using user-roles right now, Im using dynamically assigned vlans (via radius responses).


ACMP | ACCP
Who Me Too'd this topic