Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba 2920 802.1x MAC Auth with Clearpass

  • 1.  Aruba 2920 802.1x MAC Auth with Clearpass

    Posted Nov 16, 2022 10:10 AM
    I'm attempting to set up 802.1x on our switch fleet and have had no trouble getting EAP-TLS working with domain assets. However, there are devices that we intend to authenticate with MAC auth. When sending MAC auth requests to ClearPass I can see that it is using the correct service, policies, and profiles, but auth fails every time with the below message.

    Error Code: 209
    Error Category: Authentication Failure
    Error Message: No password in request
    MAC_AUTH: No password in request. Not attempting MAC authentication
    Cannot select appropriate authentication method

    However, even if I specify a password on my test switch for MAC auth using this command "aaa port-access mac-based password" I receive the same message.  Ideally, I'd like to use the global password command from our AOS switch fleet instead of passing the MAC as the password as this would be a bit more secure, but if the MAC gets passed as the password that is fine as well.


  • 2.  RE: Aruba 2920 802.1x MAC Auth with Clearpass

    EMPLOYEE
    Posted Nov 16, 2022 06:34 PM
    The switch should be sending the username (MAC) as the password.
    What is the firmware version for 2920 switch?
    Lastly, it might be using EAP-MD5 instead; check for EAP-Message in the incoming RADIUS request.



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------
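
Added example, not part of the original posts and not HPE Aruba code: one way to carry out the check suggested above, by parsing a captured RADIUS Access-Request and reporting whether it carries User-Password (PAP), CHAP-Password or EAP-Message. The MAC address, the packets and the function names are constructed for illustration; attribute numbers are those of RFC 2865 and RFC 3579.

```python
import struct

# RADIUS attribute types (RFC 2865 / RFC 3579)
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, EAP_MESSAGE = 1, 2, 3, 79

def build_request(attrs, ident=1):
    """Build a constructed Access-Request (code 1) from (type, value) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return the (type, value) attribute pairs of an Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def credential_method(packet):
    """Name the credential attribute the request carries, or 'none'."""
    types = {t for t, _ in parse_attributes(packet)}
    if EAP_MESSAGE in types:
        return "EAP"   # EAP-Message present, e.g. the start of an EAP-MD5 exchange
    if CHAP_PASSWORD in types:
        return "CHAP"
    if USER_PASSWORD in types:
        return "PAP"   # User-Password present (hidden with the shared secret)
    return "none"

# Constructed samples: the MAC as User-Name, sent three different ways.
MAC = b"001122aabbcc"
PAP_REQUEST = build_request([(USER_NAME, MAC), (USER_PASSWORD, bytes(16))])
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 5 + len(MAC), 1) + MAC  # EAP-Response/Identity
EAP_REQUEST = build_request([(USER_NAME, MAC), (EAP_MESSAGE, EAP_IDENTITY)])
BARE_REQUEST = build_request([(USER_NAME, MAC)])

if __name__ == "__main__":
    for name, pkt in [("pap", PAP_REQUEST), ("eap", EAP_REQUEST), ("bare", BARE_REQUEST)]:
        print(name, credential_method(pkt))
```

Feed `credential_method` the UDP payload of the Access-Request taken from a packet capture on the RADIUS server side; a result of "EAP" or "none" means the request holds no User-Password attribute.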