11-21-2023 07:24 AM
Hello community,
I have an issue and i need your help.
I've deploy a mac authentication with an auth server Aruba ClearPass.
I have a mac auth profile for my access point which, if auth OK, untaged my mgmt vlan and tagged my SSIDs VLAN.
Until now, it's okay.
But after when my client connect on a SSID behind an access point on a mac-auth port OK, the client cannot authenticate on the ssid et fall directly in error state.
My question is : Can i put the switch port use for mac auth my access point, after the access point is authenticated et dynamicly assign vlan in a state which bypass the authentication on the switch port ????
Thank you, i can explain the case with more info if needed.
Thanks you.
Solved! Go to Solution.
11-21-2023 10:44 AM
Hello @KevAktea33
The scenario you mention has been considered on the newest version.
I recommend you upgrade your switch to version 8095m where the command 'auth auth-mode multiple-hosts' under the interface configuration mode:
device# configure terminal device(config)# interface ethernet 1/1/1 device(config-if-e10000-1/1/1)# auth auth-mode multiple-hosts
https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-1E3D2012-3346-445E-8643-
Bear in mind that the newer versions are UFI type, so you would need to perform a two-stages upgrade from the current non-UFI version to the new UFI version.
Here you will find more details on how to do that:
11-21-2023 07:26 AM
Sorry, i forgot an info.
I have some ICX 7250 in a FW SPS08030
11-21-2023 10:44 AM
Hello @KevAktea33
The scenario you mention has been considered on the newest version.
I recommend you upgrade your switch to version 8095m where the command 'auth auth-mode multiple-hosts' under the interface configuration mode:
device# configure terminal device(config)# interface ethernet 1/1/1 device(config-if-e10000-1/1/1)# auth auth-mode multiple-hosts
https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-1E3D2012-3346-445E-8643-
Bear in mind that the newer versions are UFI type, so you would need to perform a two-stages upgrade from the current non-UFI version to the new UFI version.
Here you will find more details on how to do that: