There is a big chance that the DHCP packets don't reach ClearPass. With a
Collect Logs on ClearPass, you can run a packet capture to validate if the relayed DHCP packets actually reach ClearPass.
Some switches don't support DHCP relay and server on the same instance; most switches require a L3 IP in the VLAN to forward DHCP packets; it my be that switches are 'intelligent' and see that certain servers never reply and mark the ip helper 'dead'.
First step is to make sure the packets actually reach ClearPass. Then if they don't find out if they are actually sent by the switch, and if so where they are lost.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 18, 2022 04:52 PM
From: Mark Demers
Subject: Juniper Switch ClearPass Profiling
Hi,
We are in the process of rolling out MAC Authentication on our wired ports students use across campus. We are not utilizing dot1x at this time. We have been able to get MAC Auth functioning fully on our Juniper switches however, we cannot get fingerprints to ClearPass for some reason.
We have already added dhcp relay options to our routing-instances and forwarding options. This seems to be the correct configuration, but is not working. Anyone ever get this working and have any suggestions?
Please note we have been able to make this work in our dorms that have Aruba-CX switches.
Thanks
------------------------------
Mark
------------------------------