03-31-2017 04:11 PM
Hello, I am still trying to figure out connection between CP and the controller. I am working on a service that authenticates users using the AD, I can see on the access tracker that ClearPass is giving me the "accept" login status but for some reason the controller sends me to a different segment on the net. does this have to do with the controller roles?
I appreciate any help with this issue, thank you in advance
Solved! Go to Solution.
03-31-2017 04:22 PM
the default [Allow access profile] if the user is part of the development department
Authorization: BPI AD: Department EQUALS Desarrollo
Im still confused with role and profiles
03-31-2017 04:29 PM
03-31-2017 05:13 PM
Without knowing your network, this is difficult to troubleshoot.
Couple of things:
1) Are you using Aerohive or Aruba? Your profiler tab is using an Aerohive CoA. If you're using Aruba, you need to use the Aruba one.
2) When you say different segment of the network, what are you referring to? A VLAN?
3) What VLAN is configured on your virtual AP profile? What VLAN is the user expected to get?
03-31-2017 06:18 PM
1) well that may be one of the issues, im using an aruba controller.
2) the IP that i am getting once i get the accept login status is 169.254.132.150. I uploaded a png image showing the network details
3) Im using default VLAN 1 on all configurations
03-31-2017 06:48 PM
03-31-2017 06:59 PM
yes VLAN1 is the correct one and it is configured on the vap, I will check the forwarding mode on monday since im out of the office, thank you for your help Tim, have a good weekend
04-03-2017 03:56 PM
I managed to get the service working, I created an user role on the controller and used it as the 802.1X authentication default role on the AAA profile. Then created the Enforcement profile and Enforcement policy to use on the service, it seems that I was missing those steps. Also I had to modify the network connection to not verify the identity of the server by certificate validation. The service is working on Windows 7 machines but not on Windows 10. I'm still checking here on the forum for a solution on authentication with Win10 machines.