Many users complain that they can't access the network. I have checked the logs on the switch and ClearPass.
MAC-auth for Avaya IP phone and 802.1X for Windows 10 clients (PC behind IP phone)
VLAN 11 for voice
VLAN 3 for users
Windows clients keep attempting to authenticate, then authentication failed (EAP-TLS).
Configs on the switch port:
WB.16.04.0013
interface 4/10
   name "U_27"
   tagged vlan 11
   untagged vlan 3
   aaa port-access authenticator
   aaa port-access authenticator tx-period 15
   aaa port-access authenticator supplicant-timeout 15
   aaa port-access authenticator client-limit 3
   aaa port-access authenticator cached-reauth-period 86400
   aaa port-access mac-based
   aaa port-access mac-based addr-limit 2
   aaa port-access mac-based reauth-period 86400
   exit
No logs on ClearPass for 802.1X, only MAC-auth, and it's rejected for the users.
Switch logs:
I 09/11/22 10:48:23 00435 ports: ST1-CMDR: port 4/10 is Blocked by AAA
I 09/11/22 10:49:30 00076 ports: ST1-CMDR: port 4/10 is now on-line
# show port-access 4/10 clients
Port Access Client Status
Port  Client Name   MAC Address   IP Address      User Role         Type  VLAN
----- ------------- ------------- --------------- ----------------- ----- ----
4/10                98e743-66ddaf n/a                               8021X
4/10                98e743-66ddaf n/a                               MAC
4/10  b4475eaa3f0a  b4475e-aa3f0a 192.168.102.63                    MAC   11
# show port-access 4/10 clients detailed
Port Access Client Status Detail
Client Base Details :
Port : 4/10 Authentication Type : 802.1x
Client Status : connecting Session Time : 0 seconds
Client name : Session Timeout : 0 seconds
MAC Address : 98e743-66ddaf
IP : n/a
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : Not Set Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List : No Radius ACL List
Client Base Details :
Port : 4/10 Authentication Type : mac-based
Client Status : rejected no vlan Session Time : 60 seconds
Client Name : Session Timeout : 0 seconds
MAC Address : 98e743-66ddaf
IP : n/a
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : Not Set Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List : No Radius ACL List
Client Base Details :
Port : 4/10 Authentication Type : mac-based
Client Status : authenticated Session Time : 80116 seconds
Client Name : b4475eaa3f0a Session Timeout : 0 seconds
MAC Address : b4475e-aa3f0a
IP : 192.168.102.63
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 11 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List : No Radius ACL List
Any missing configuration here?
------------------------------
BR,
Mohanad
------------------------------