Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
4
Replies

3850 Wired Auth and Mac Auth same time?

jscott01
Level 1
Level 1

‎08-07-2025 10:25 AM

Hello, as we have begun deploying Clearpass, we originally were running into the issue where mac auth and wired auth were running at the same time not allowing devices to connect to the network. Even though the return wired captive portal still persists, we were under the impression things were running normally. But now users are reporting that they are having to restart their computer every morning to get connected to the network, some have even stated it kicks them off the network during business hours. We are using Cisco 3850 switches. Here is our policy map, template we are using on the port configs, and some logs from the wired captive portal being returned. If anyone has any idea or insight that would be very much appreciated. 

 

We also have noticed when we changed the dot1x timeout server-timeout longer (originally 30), it caused devices using mac-auth to not authenticate in time resulting in no IP assignment.  Also this is occurring on devices that are daisy chained with an Avaya IP Phone.

 

jscott01_0-1754587239246.png

 

jscott01_1-1754587239226.png

 

 

jscott01_2-1754587239249.png

 

 

Different device 

jscott01_3-1754587239352.png

 

 

 

Labels:
0 Helpful
4 Replies 4

Joshqun Ismayilov
Level 1
Level 1

‎08-07-2025 11:58 PM

Hi @jscott01 

User below configs : 

dot1x timeout server-timeout 8
dot1x timeout tx-period 5
dot1x max-req 3
dot1x max-reauth-req 1
## add this one also 
authentication order dot1x mab
authentication priority dot1x mab

also you can change authentication timer reauthenticate server to authentication timer reauthenticate 86400

test it and you can share result .

Thanks !







0 Helpful

jscott01
Level 1
Level 1
In response to Joshqun Ismayilov

‎08-11-2025 06:09 AM

when I run authentication ? 

I only get the options for periodic and timer 

0 Helpful

MHM Cisco World
VIP
VIP
In response to jscott01

‎08-11-2025 09:35 AM

event session-started match-all
5 activate service-template DOT1X-MAB-TIMER
10 class always do-until-failure
10 authenticate using dot1x priority 10
20 authenticate using mab priority 20

!

!

service-template DOT1X-MAB-TIMER
inactivity-timer 600
session-timeout 3600

You use IBNS so config is different' I found above way to config session timeout (after this time user neeed ro re-auth)

Note:- use new policy name and apply it to one or two port and check' if it work apply to all port

MHM

0 Helpful
Customers Also Viewed These Support Documents