Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

8021x with Juniper Switch

  • 1.  8021x with Juniper Switch

    Posted Sep 16, 2022 10:07 AM
    I'm trying to get 802.1X working on a Juniper EX2300 switch. I see the authentication requests on ClearPass and devices being allowed, but it appears the devices aren't getting an address. This is what I see for DHCP statistics:
    Packets dropped:
    Total 13
    Invalid server address 2
    Interface not configured 11
    Also attaching a cleaned up config.

    Attachment(s): test-switch.txt (29 KB)


  • 2.  RE: 8021x with Juniper Switch

    EMPLOYEE
    Posted Sep 18, 2022 01:40 AM
    Check your configuration against this.
    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce157-example-aruba-dot1x-mac.html

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 3.  RE: 8021x with Juniper Switch

    Posted Sep 19, 2022 10:48 AM
    I got something back from the Juniper forums as well. I'll compare and report back.


  • 4.  RE: 8021x with Juniper Switch

    Posted Sep 19, 2022 12:05 PM
    Checked against Juniper recommendations and everything looks correct. Still no DHCP.


  • 5.  RE: 8021x with Juniper Switch

    EMPLOYEE
    Posted Sep 21, 2022 07:26 AM
    I'm not really familiar with EX Switching, but if you place a client in the same VLAN on a port that is not configured for 802.1X (normal open port, without authentication), does it get an IP address in that case?

    Do you have a command on the switch to see the authentication sessions, port status, VLAN assignment, etc.? Then you can verify that the client is in the correct VLAN, no ACLs are applied, etc.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: 8021x with Juniper Switch

    Posted Sep 27, 2022 11:44 AM
    Just to follow up, still having this issue.


  • 7.  RE: 8021x with Juniper Switch

    Posted Oct 28, 2022 04:23 PM
    Still the same.


  • 8.  RE: 8021x with Juniper Switch

    Posted Oct 28, 2022 08:51 PM
    Help us help you :)

    Herman asked: if you plug the device into a non-authentication port with the same VLAN, does the client complete DHCP?

    ------------------------------
    ACNSA | ACEA | ACCP | ACMP
    ------------------------------



  • 9.  RE: 8021x with Juniper Switch

    Posted Oct 31, 2022 02:07 PM
    I got DHCP working by removing the firewall portion of the Juniper recommended configuration. I'm stuck now on getting the colorless port configuration working:
    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce-209-configuring-colorless-ports-ex-aruba-clearpass-policy.html

    The ClearPass approval/authentication is working but it's not pushing back the VLAN option. I'm only getting the VoIP VLAN working or the switch will just default to VLAN 1.


  • 10.  RE: 8021x with Juniper Switch

    Posted Nov 01, 2022 07:56 AM
    Hi, can you show the enforcement profile where you want to send the VLAN to that switch? What is the VLAN number you want to send?


  • 11.  RE: 8021x with Juniper Switch

    Posted Nov 01, 2022 12:31 PM
    To follow up on this, I got it working by removing the firewall filters on the switch. I started a conversation about colorless ports on this post:
    https://community.arubanetworks.com/discussion/colorless-ports-with-clearpass-and-juniper


  • 12.  RE: 8021x with Juniper Switch

    Posted Nov 01, 2022 12:33 PM
    The one thing I don't have working is getting a workstation recognized. I'm trying to have the enforcement policy look the hostname up in Active Directory.


  • 13.  RE: 8021x with Juniper Switch

    MVP GURU
    Posted Nov 01, 2022 03:15 PM
    Use the below example for returning VLANs.



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------