Network Topology
Topology
Problem Description
H3C S5130S connects to Aruba Clearpass for dot1x authentication
Process Analysis
H3C switches support standard dot1x and AAA authentication protocols, and support dot1x protocol docking with Aruba clearpass
Solution
1.1 Test Version
[S5130S-probe]dis sys int ver
H3C S5130S-28MP-EI V600R007B03D076
Comware V700R001B70D038SP36
[S5130S-probe]dis version
H3C Comware Software, Version 7.1.070, Release 6337
1.2 Test Configuration
Configuration for Radius + isp Domain
Enable dot1x/mac-auth
Configuration for interface
2. ClearPass details
2.1 ClearPass version:
2.2 ClearPass configuration
2.2.1 Create equipment and equipment group
Create equipment:
Create equipment group
2.2.2 Create local account
2.2.3 Role based Configuration
2.2.4 Create authorization
Create authorization policy
2.2.5 Create service
802.1x
Mac address
3. Authorized user online
3.1 User online and authorize ACL + VLAN
802.1x authorization result:
Result on clearpass
Authorization details
User status
Mac address on equipment
Display on clearpass
3.2 Modify the user"s role
User h3cdot1x get online as Employee, authorized ACL 3001 and VLAN 1000.
Modify the local user h3cdot1"s role as other
Configuration details
User re-login
Authorization result on equipment
Result on clearpass
