Security

Reply
Highlighted
Occasional Contributor I

CPPM integration with Ruckus

Hi!

 

I'm trying to integrate CPPM with Ruckus Wireless solutions and Dell Switching solutions.

 

So, I have some questions to ask:

 

802.1x with Dell Switches = Works fine, just need to known if I can redirect users to Onguard portal with some url redirect.

 

802.1x with Ruckus Wireless = Can't authenticated users with 802.1x. I follow the same setup as an IAP, with some changes to compliance with Ruckus. On IAP works fine, but when a use Ruckus, the client shows authenticated on CPPM (so, Services are correctly configured) but still can't connect on network.

 

Onboard with Ruckus Wireless = I use the option of two SSIDs, one for Onboard and another for clientes Onboarded. On SSID Onboard, I configure the captive portal device_privisioning.php and the user can install the certificate/profile. When the user tries to connect on SSID Onboarded, I stuck because the same problem with 802.1x.

 

Guru Elite

Re: CPPM integration with Ruckus

- What model Dell switches?

- Please post screenshots of your configuration

- Have you reached out to your Aruba Clearpass partner?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CPPM integration with Ruckus

Hi, thanks for your response.

 

- What model Dell switches?

Dell Switches N3000 Series and Powerconnect Series.

 

- Please post screenshots of your configuration

Follow attached.

 

- Have you reached out to your Aruba Clearpass partner?

Yes, they are researching internally with the team.

 

I download the Clearpass POC Kit and I can't see any documentation to use CPPM with Ruckus.

 

 

Guru Elite

Re: CPPM integration with Ruckus

Unforutnately I don't have a Dell N-series switch to test with but from a quick glance at their docuemtnation, they don't appear to support external captive portal redirect. In this case, you would need to use their internal captive portal and point the authentication piece to ClearPass, or you'd need to investigate using wildcard DNS if external redirect to ClearPass is required.

 

For Ruckus, they should be accepting a generic IETF Access-Accept message. What do the logs on the Ruckus controller show?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CPPM integration with Ruckus

Well, this is weird.

 

At Ruckus Controller I see the message:

User[d4:f4:6f:a1:e9:7c] failed to log in. No permission or incorrect credentials.

 

With this same credentials I can authenticate on IAP.

 

 

PS.: This settings may be different from screenshoot I post because now I'm testing in my lab environment.

Occasional Contributor I

Re: CPPM integration with Ruckus

Hi!

 

someone?

Occasional Contributor I

Re: CPPM integration with Ruckus

Hello,

 

Just an update. I've got this logs from Ruckus, CPPM and a Packet Capture from Ruckus to CPPM.

 

PS: Just rename the PacketCapture.png to PacketCapture.pcap

Occasional Contributor I

Re: CPPM integration with Ruckus

Well, I found a KB article at Ruckus Support that solve my problem. And, it's simple.

 

Question
User [MAC address of the Client] failed to log in. No permission or incorrect credentials.'
 
Resolution

The solution to resolve the issue when we see the ;og 'User [MAC address of the Client] failed to log in. No permission or incorrect credentials.':

When we see the below logs in the ZD GUI::Monitor::All Events/Activities, we need to check whether the WLAN to which the user is connecting has been checked in the default role list or not. If the WLAN haven't checked in the default Role list we get the below error.

User [MAC address of the Client] failed to log in. No permission or incorrect credentials.

User [MAC address of the Client] failed to log in. No permission or incorrect credentials.

User [MAC address of the Client] failed to log in. No permission or incorrect credentials.

User [MAC address of the Client] failed to log in. No permission or incorrect credentials.

When the users are connecting they will be assigned to “Default” role and if they do not see that the specific WLAN in the default Role list then it throws a above message, so please make sure that you select all the WLANs in the default role of the Zone Director. To configure that --> please go to ZD GUI::Configure::Roles:: 'Default' Role and select radio button for 'Allow access to all WLANs' and save it.

New Contributor

Re: CPPM integration with Ruckus

Is it possible to Integrate Aruba Clearpass with Ruckus SmartZone 100 Virtual Controller ? please share me the documentation for this integration.

Thanks

 

Rgds,
Jefri

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: