Security

Reply
Frequent Contributor II
Posts: 213
Registered: ‎01-19-2013

Authentication on Clearpass faild - Failed to classify request to service Error code 204

Hi,

 

I´ve set up clearpass in a test enviroment.

We´ve a 650 Controller with firmware 6.2.0.3.

CPPM  Version 6.0.2.24585.

 

When I make an AAA test from the Controller:


Capture.JPG

 

My CPPM shows thin in AccessTracker:

 

 

 

Capture1.JPG

 

What is wrong?

 

Maybe anybody have an idea.

 

Thanks

 

Guru Elite
Posts: 19,985
Registered: ‎03-29-2007

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

Your services probably have something specific that a test authentication does not.  If your service has aruba-essid-name as an attribute, for example, a test does not have an ssid, so it will not be categorized.  Look in the details of the input tab of the failed message and compare it to existing services to see what you are missing.

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

 

 

I never seen this error but I am wondering if you have the ip source radius configured correctly on the controller .

 

(controller) #show ip radius source-interface

Global radius client source IP address = 10.10.10.1 ====> this should match the ip address you have configured in CCPM > Configuration > Network > Devices 

This is local configuration to each controller

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II
Posts: 213
Registered: ‎01-19-2013

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

Ok vfabian I checked it, there is the right ip address.


the problem is still there.

 

thanks

Aruba
Posts: 1,526
Registered: ‎06-12-2012

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

Just as Colin stated your service is not being classified by CPPM.

 

You need to check your settings in the service to catch your auth request otherwise CPPM will just send a reject no matter what. 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Guru Elite
Posts: 19,985
Registered: ‎03-29-2007

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

Leon123,

 

Let me be specific:  A service only classifies or handles an incoming authentication if the attributes of the incoming authentication contain elements in the service rules tab of that service:  In the service below, it is stipulating that the Aruba ESSID needs to be "Guest" for the incoming authentication.  I know for a fact that a test authentication does NOT have an SSID or WLAN component to it, so it will fail.  If you KNOW a service should be handing your test, take a look at the SERVICE TAB on the service and compare the INPUT tab of the failed authentication and make sure what the service requires is in the authentication.

servicerule.png

 

My test authentication below just like yours does NOT hsave an Aruba-Essid-Name radius attribute in the radius request so it would not be processed by that rule above.  That is because it is not a real client associated to a real wireless network.  You can remove the service rule that makes it too restrictive to your test authentication or you can create a new service that has the attributes of your test so that it gets classified:

 

radiusrequest.png

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
CmC
Occasional Contributor II
Posts: 11
Registered: ‎08-15-2010

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

This 204 error occured for me when the source SSID name did not exactly match service rule value.  I learned that the value is case sensitive and must match source SSID name exactly.

 

Once case was matched, users were authenticating successfully.

Contributor II
Posts: 48
Registered: ‎07-04-2014

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

I Have the the same problems but i don not get radius input:

 

 

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

Is that a real authentication request or are you using the aaa test option?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 48
Registered: ‎07-04-2014

Re: Authentication on Clearpass faild - Failed to classify request to service Error code 204

It was a real client. Solved it to include pre Auth radius settings in the authentication configuration. But got some other issues posted in other treads
Search Airheads
Showing results for 
Search instead for 
Did you mean: