Controllerless Networks

Part question and part comment, but wasted a good few hours yesterday with a deployment of IAP225 on latest code (4.1.0.1) with things not quite working.

 

Turns out that when I had dynamic radius proxy enabled it didn't work.  As soon as I disabled it, things worked fine.

 

Has anyone else come acros this?

Michael_Clarke,

 

When you turned it on, did ANYTHING get to the radius server?  Please be specific about did not work...

 

Yes, everything was getting to the clearpass fine. It was the responses that weren't getting back to the VC. I did a capture on the clearpass and they were being sent.

Routing was fine cause clearpass could ping the VC.

On the ap, the requests were just timing out.

Did you do a capture at the AP to see if it was being seen at the APs interface?  Is the IAP on the same VLAN as Clearpass?  Does the IAP have the correct subnet mask?

I didn't get a chance to capture at the ap..... Under pressure to get it working.

 

IAP and clearpass on different subnets, but they have the correct mask.

 

Basically, it's like this.

• In clearpass I changed the network device to be the iap subnet, rather than just the VC Address.
• Disabled dynamic radius proxy.
• Boom. Everything working.

 

 

When I updated to 4.1.0. 1 I had the same problem. The fix I found was to reboot the current master and let instant elect a new one. Once I did that Radius Proxy started working again.

 

To answer the question asked, in MY case No traffic was getting to the radius server until I rebooted the current master.

 

Alex