Security

Hello, as we have begun deploying Clearpass, we originally were running into the issue where mac auth and wired auth were running at the same time not allowing devices to connect to the network. Even though the return wired captive portal still persists, we were under the impression things were running normally. But now users are reporting that they are having to restart their computer every morning to get connected to the network, some have even stated it kicks them off the network during business hours. We are using Cisco 3850 switches, Aruba Wireless APs. Here is our policy map, template we are using on the port configs, and some logs from the wired captive portal being returned. If anyone has any idea or insight that would be very much appreciated. 

We also have noticed when we changed the dot1x timeout server-timeout lower, it caused devices using mac-auth to not authenticate in time resulting in no IP assignment.  Also this is occurring on devices that are daisy chained with an Avaya IP Phone.

Different device 

-------------------------------------------

Are you running authentication at the switch for users connecting to the WLAN?  Or is the mention of Aruba APs just there for some other reason?

Hello, as we have begun deploying Clearpass, we originally were running into the issue where mac auth and wired auth were running at the same time not allowing devices to connect to the network. Even though the return wired captive portal still persists, we were under the impression things were running normally. But now users are reporting that they are having to restart their computer every morning to get connected to the network, some have even stated it kicks them off the network during business hours. We are using Cisco 3850 switches, Aruba Wireless APs. Here is our policy map, template we are using on the port configs, and some logs from the wired captive portal being returned. If anyone has any idea or insight that would be very much appreciated. 

We also have noticed when we changed the dot1x timeout server-timeout lower, it caused devices using mac-auth to not authenticate in time resulting in no IP assignment.  Also this is occurring on devices that are daisy chained with an Avaya IP Phone.

Different device 

-------------------------------------------

Just mentioned it so the more knowledge the better about our environment. We are using a RADIUS server for authentication.

Are you running authentication at the switch for users connecting to the WLAN?  Or is the mention of Aruba APs just there for some other reason?

Hello, as we have begun deploying Clearpass, we originally were running into the issue where mac auth and wired auth were running at the same time not allowing devices to connect to the network. Even though the return wired captive portal still persists, we were under the impression things were running normally. But now users are reporting that they are having to restart their computer every morning to get connected to the network, some have even stated it kicks them off the network during business hours. We are using Cisco 3850 switches, Aruba Wireless APs. Here is our policy map, template we are using on the port configs, and some logs from the wired captive portal being returned. If anyone has any idea or insight that would be very much appreciated. 

We also have noticed when we changed the dot1x timeout server-timeout lower, it caused devices using mac-auth to not authenticate in time resulting in no IP assignment.  Also this is occurring on devices that are daisy chained with an Avaya IP Phone.

Different device 

-------------------------------------------

You're probably going to be best off pursuing this issue with Cisco.  Generally speaking, attempting any kind of guest/captive portal authentication on a wired connection is more pain than it is worth.

Just mentioned it so the more knowledge the better about our environment. We are using a RADIUS server for authentication.

Are you running authentication at the switch for users connecting to the WLAN?  Or is the mention of Aruba APs just there for some other reason?

Hello, as we have begun deploying Clearpass, we originally were running into the issue where mac auth and wired auth were running at the same time not allowing devices to connect to the network. Even though the return wired captive portal still persists, we were under the impression things were running normally. But now users are reporting that they are having to restart their computer every morning to get connected to the network, some have even stated it kicks them off the network during business hours. We are using Cisco 3850 switches, Aruba Wireless APs. Here is our policy map, template we are using on the port configs, and some logs from the wired captive portal being returned. If anyone has any idea or insight that would be very much appreciated. 

We also have noticed when we changed the dot1x timeout server-timeout lower, it caused devices using mac-auth to not authenticate in time resulting in no IP assignment.  Also this is occurring on devices that are daisy chained with an Avaya IP Phone.

Different device 

-------------------------------------------