Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Authentication against AD issue

  • 1.  ClearPass Authentication against AD issue

    Posted Mar 31, 2017 07:12 PM

    Hello, I am still trying to figure out the connection between CP and the controller. I am working on a service that authenticates users using the AD. I can see on the access tracker that ClearPass is giving me the "accept" login status, but for some reason the controller sends me to a different segment on the net. Does this have to do with the controller roles?

    I appreciate any help with this issue, thank you in advance.



  • 2.  RE: ClearPass Authentication against AD issue

    EMPLOYEE
    Posted Mar 31, 2017 07:14 PM
    What enforcement profiles are you returning?


  • 3.  RE: ClearPass Authentication against AD issue

    Posted Mar 31, 2017 07:22 PM

    The default [Allow access profile] if the user is part of the development department

    Authorization: BPI AD: Department EQUALS Desarrollo

    I'm still confused with roles and profiles.



  • 4.  RE: ClearPass Authentication against AD issue

    EMPLOYEE
    Posted Mar 31, 2017 07:30 PM
    So that means the user will be in the default 802.1X role in the controller.  Which role is configured there?


  • 5.  RE: ClearPass Authentication against AD issue

    Posted Mar 31, 2017 07:49 PM

    The roles on the AAA profile are as follows

    Initial role = logon

    Mac Auth def role = guest

    802.1X auth default role = authenticated

     



  • 6.  RE: ClearPass Authentication against AD issue

    EMPLOYEE
    Posted Mar 31, 2017 08:13 PM

    Without knowing your network, this is difficult to troubleshoot.

     

    Couple of things:

    1) Are you using Aerohive or Aruba? Your profiler tab is using an Aerohive CoA. If you're using Aruba, you need to use the Aruba one.

     

    2) When you say different segment of the network, what are you referring to? A VLAN? 

     

    3) What VLAN is configured on your virtual AP profile? What VLAN is the user expected to get?



  • 7.  RE: ClearPass Authentication against AD issue

    Posted Mar 31, 2017 09:19 PM

    1) Well, that may be one of the issues; I'm using an Aruba controller.

    2) The IP that I am getting once I get the accept login status is 169.254.132.150. I uploaded a PNG image showing the network details.

    3) I'm using default VLAN 1 on all configurations.



  • 8.  RE: ClearPass Authentication against AD issue

    EMPLOYEE
    Posted Mar 31, 2017 09:49 PM

    Is VLAN 1 the correct VLAN for your network?

    Is VLAN 1 configured in the VAP profile?

    What forwarding mode are your APs configured for?



  • 9.  RE: ClearPass Authentication against AD issue

    Posted Mar 31, 2017 09:59 PM

    Yes, VLAN 1 is the correct one and it is configured on the VAP. I will check the forwarding mode on Monday since I'm out of the office. Thank you for your help Tim, have a good weekend.



  • 10.  RE: ClearPass Authentication against AD issue
    Best Answer

    Posted Apr 03, 2017 06:56 PM

    I managed to get the service working. I created a user role on the controller and used it as the 802.1X authentication default role on the AAA profile. Then I created the Enforcement profile and Enforcement policy to use on the service; it seems that I was missing those steps. Also, I had to modify the network connection to not verify the identity of the server by certificate validation. The service is working on Windows 7 machines but not on Windows 10. I'm still checking here on the forum for a solution on authentication with Win10 machines.



  • 11.  RE: ClearPass Authentication against AD issue

    EMPLOYEE
    Posted Apr 03, 2017 06:59 PM
    You should never uncheck validate server certificate....


  • 12.  RE: ClearPass Authentication against AD issue

    Posted Apr 03, 2017 07:08 PM

    Yes, I'm aware of that. ClearPass is not in a production environment; we use it for demos and testing purposes.
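
Posts 10 and 11 turn on whether the Windows supplicant validates the RADIUS server certificate. The following Python check is an added example, not code from the thread or from Aruba: it audits the PEAP settings of a wireless profile exported with `netsh wlan export profile`. The XML fragments and the certificate thumbprint are constructed samples, and `sample_profile` and `audit_peap_profile` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

PEAP1 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
PEAP2 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
# Constructed placeholder thumbprint, not a real CA certificate hash.
FAKE_CA = "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"


def sample_profile(validate, root_ca="", server_names=""):
    """Constructed, trimmed PEAP fragment in the shape of an exported profile."""
    return f"""<EapType xmlns="{PEAP1}">
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames>{server_names}</ServerNames>
    <TrustedRootCA>{root_ca}</TrustedRootCA>
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="{PEAP2}">{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""


def audit_peap_profile(xml_text):
    """Return findings about RADIUS server-certificate validation."""
    root = ET.fromstring(xml_text)
    values = {}
    for el in root.iter():
        # Match on the local element name so the check works on a full
        # WLANProfile export as well as on a bare EapType fragment.
        name = el.tag.rsplit("}", 1)[-1]
        values.setdefault(name, []).append((el.text or "").strip())
    if "ServerValidation" not in values:
        return ["no PEAP ServerValidation block found"]
    findings = []
    if "false" in [v.lower() for v in values.get("PerformServerValidation", [])]:
        findings.append("server certificate validation is disabled")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no trusted root CA is pinned")
    if not any(values.get("ServerNames", [])):
        findings.append("no RADIUS server name is pinned")
    return findings


if __name__ == "__main__":
    for finding in audit_peap_profile(sample_profile("false")):
        print("FINDING:", finding)
```

A profile that reports no findings validates the server, trusts only the listed root CA, and accepts only the listed server names, which is the state a lab profile should be returned to before it is reused elsewhere.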