Aruba Instant & Cloud Wi-Fi

Reply
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Adding Instant Virtual Controller as a NAD Device on ClearPass

Hello All,

 

I have a Customer that has over 32 IAPs on there WLAN Network.

 

In these 32 IAPs, there exists 4 as Virtual Controllers (Customer's Network is split across 4VLANs). 

 

On ClearPass, I attempted to add the IP Address of the Virtual Controllers as the NAD Devices but we keep getting an error from both ClearPass and the IAPs indicating that they are not communicating with each other.

 

ClearPass for some reason keeps authenticating to each individual IAP. So when I add one of the IAPs it's attempting to authenticate, as a NAD, it works just fine.

 

Does this mean I need to add all 32 IAPs as NAD Devices? I would doubt that.

 

Any ideas?

 

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

In Instant hard set the VC IP address then enable "Dynamic Radius Proxy".  All authentication requests will now be sourced from the VC's IPA and you only need to add the one VC IPA.

 

IAP.jpg

Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

Thanks Marcus.

 

Will give that a shot and let you know.

MVP
Posts: 706
Registered: ‎12-01-2010

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

I believe you also have to set the NAS-ID to your VC IP address inthe RADIUS server config:

 

RADIUS-server-iAP

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

I configured the NAS IP Address as the IP Address for the VC. But not so sure what the NAS ID should be.

 

And should the NAS ID be unique for each VC and can it be any number?

 


msabin wrote:

I believe you also have to set the NAS-ID to your VC IP address inthe RADIUS server config:

 

RADIUS-server-iAP




MVP
Posts: 706
Registered: ‎12-01-2010

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

I'm sorry, I mis-spoke.  I typed before I pasted the screenshot.

I use the NAS IP Address, and not the identifier, so I don't know what the rule-of-thumb is for the ID.

 

Set the NAS IP, and the dynamic-radius and you should see that any AP in the cluster will claim to be the VC when it sends to the RADIUS server.

 

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Adding Instant Virtual Controller as a NAD Device on ClearPass

Yep! That worked. 

 

I already had the Virtual Controller's IP Address configured. I just didn't have the Dynamic Radius Proxy enabled.

 

When I had this enabled, it worked like a charm.

Search Airheads
Showing results for 
Search instead for 
Did you mean: