03-06-2015 06:33 AM
Dear all experts,
I'm implementing ClearPass with my customer. I'm implementing 3 features: dot1X, VPN and TACACS with my ClearPass. They work fine. However, my customer has some AD servers in his office and he wants ClearPass to use the backup authentication source feature. So I went to "Configuration > Authentication > Source > ..." and created an authentication source profile. After that I added backup1 and backup2 to this profile and set it on the dot1X service, VPN service and TACACS service. Then I did the testing and found that when I disconnect AD1 from the network, dot1X and VPN can still authenticate but TACACS can't. However, one thing that I found is that dot1X and VPN authenticate with the AD1 source, not AD2, even though AD1 has just gone down. So I think they use the local cache of ClearPass for authentication. However, TACACS can't authenticate. So I did "Clear cache" on this authentication source profile and tested again. I found that dot1X and VPN can correctly authenticate with AD2, but TACACS still can't authenticate. So I must connect AD1 back again; then all 3 services can authenticate with AD1 immediately, with no need to clear any cache. So could you please help me fix TACACS so that the backup AD authentication source works?
03-07-2015 02:10 AM
Please open a TAC case. There could be something specific in your configuration that is preventing failover from happening, or it could be a bug.
Aruba Customer Engineering