Security

Reply
Contributor I
Posts: 44
Registered: ‎03-10-2014

Aruba Controller and Palo PA500 Single signon

Dear all experts, I just tested SSO between Aruba Controller 3200XM (6.4.1) and PA500 (6.0.3). And i found some thing so strange. I used my notebook to connect wireless to 3200XM with dot1X, it's successful. And when i show user on 3200XM, it's correct. I tried to "show user ip-user-mapping all" on PA500 , it's correct too. But when i disconnected on my notebook and login dot1X  again with another user, it's successful. I show user on 3200XM, it's correct with the new user. But on PA500, it still be the old user. So first time i think it come from PA500 not updated it's database. But when i use debug command on PA500 , i found that don't have any update from Controller. And when i used "aaa user delete name xxx"  on 3200XM , it still not work too. But i use "aaa user dele all" on 3200XM , it's worked. After "aaa user delete all" on 3200XM, and i try to connect my notebook again with the new user. 3200XM sent update out to PA500. And on PA500 with "show user ip-user-mapping all" , it gave us for correct result too.

This problem is not happened when i tested between PA500 and Clearpass. Could you please advice me too. Thanks a lot.

Search Airheads
Showing results for 
Search instead for 
Did you mean: