Radius Not Passing Through Another Switch
  • 1.  Radius Not Passing Through Another Switch

    Posted 12 days ago

    We are trying to implement ClearPass on all of our switches. We have a core server (HPE 5130) that is connected to a CX 6200M switch at a nearby building via fiber. Everything is working well on the 6200M and we have enabled our ClearPass configuration on half of the ports on that switch. From the 6200M, we have uplinks to three separate CX 6200F switches that we are also implementing ClearPass on. The configuration is the same as what we are putting on the 6200M, we are able to ping the ClearPass server IPs from the 6200F switches, and TACACS+ is working to allow us to log in via SSH. However, when we try to implement the configuration on the ports to allow port-access through 802.1X or MAC Auth, it does not pass through the 6200M. I can see the logins from the 6200Fs in ClearPass, and port-access authentication on the 6200M, but no port-access attempts, at all, from the 6200Fs. Hoping I'm just missing something simple here.



  • 2.  RE: Radius Not Passing Through Another Switch

    EMPLOYEE
    Posted 11 hours ago

    Hi Jason,

    A slightly late reply, but such issues might end up requiring a lot of troubleshooting, so it's better to open a TAC case for the switch, and the colleagues will take a look and help you.
    Or, if you prefer to first troubleshoot the problem yourself, I think the best way is to collect a packet capture while a client is attempting to authenticate, and to trace where the communication breaks. To do so, you would need a laptop/PC with Wireshark, to which you will mirror and send the traffic for inspection. The necessary port mirroring config is:

    ArubaCX(config)# mirror session 1
    ArubaCX(config-mirror-1)# source interface 1/1/16 both
    ArubaCX(config-mirror-1)# source interface 1/1/1 both
    ArubaCX(config-mirror-1)# destination interface 1/1/25
    ArubaCX(config-mirror-1)# enable

    Source ports: port where the client with authentication issues is connected, and the port leading to ClearPass
    Destination port: port where you would have the laptop running Wireshark



    ------------------------------
    Toni
    ------------------------------
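
A capture taken through the mirror session described above can be checked offline to see where the authentication exchange stops. The script below is an added example, not part of the original posts: it counts EAPOL frames and RADIUS messages in a classic pcap file and reports the point of failure. UDP port 1812 for ClearPass is an assumption, and the sample frames are constructed rather than taken from a real capture.

```python
import struct

EAPOL, VLAN, IPV4 = 0x888E, 0x8100, 0x0800
RADIUS_PORT = 1812  # assumption: ClearPass on the standard RADIUS authentication port
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def summarize(pcap: bytes) -> dict:
    """Count EAPOL frames and RADIUS messages in a classic little-endian Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap file")
    counts, off = {"EAPOL": 0}, 24                         # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length of this record
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 18:
            continue
        etype, l3 = struct.unpack_from("!H", frame, 12)[0], 14
        if etype == VLAN:                                  # step over one 802.1Q tag
            etype, l3 = struct.unpack_from("!H", frame, 16)[0], 18
        if etype == EAPOL:
            counts["EAPOL"] += 1
        elif etype == IPV4 and len(frame) >= l3 + 20 and frame[l3 + 9] == 17:  # UDP
            l4 = l3 + (frame[l3] & 0x0F) * 4               # IPv4 header length
            if len(frame) >= l4 + 9 and RADIUS_PORT in struct.unpack_from("!HH", frame, l4):
                name = CODES.get(frame[l4 + 8], "RADIUS-other")
                counts[name] = counts.get(name, 0) + 1
    return counts

def diagnose(counts: dict) -> str:
    """Say where the exchange stops, based on what the mirror session captured."""
    if not counts.get("Access-Request"):
        return ("client EAPOL seen, but the switch sent no Access-Request"
                if counts.get("EAPOL") else "no EAPOL or RADIUS traffic captured")
    if not any(counts.get(c) for c in ("Access-Challenge", "Access-Accept", "Access-Reject")):
        return "Access-Request sent, but no RADIUS reply came back"
    return "RADIUS exchange visible in both directions"

# Constructed sample input (not a real capture): one EAPOL-Start, one Access-Request.
def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
ETH = bytes(12)                                            # zeroed MAC addresses
EAPOL_START = ETH + struct.pack("!H", EAPOL) + bytes([1, 1, 0, 0])
IP_HDR = bytes([0x45, 0]) + bytes(7) + bytes([17]) + bytes(10)  # minimal IPv4, protocol UDP
UDP_HDR = struct.pack("!HHHH", 40000, RADIUS_PORT, 28, 0)
ACCESS_REQUEST = ETH + struct.pack("!H", IPV4) + IP_HDR + UDP_HDR + bytes([1]) + bytes(19)

if __name__ == "__main__":
    for label, frames in (("client only", [EAPOL_START]), ("both", [EAPOL_START, ACCESS_REQUEST])):
        print(label, "->", diagnose(summarize(build_pcap(frames))))
```

Wireshark writes pcapng by default, so save the capture in the classic pcap format before passing its bytes to `summarize`. With MAC authentication there are no EAPOL frames, so only the RADIUS counts apply.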