Security

last person joined: 20 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass and IAP Virtual Controller IP

This thread has been viewed 5 times

  • 1.  ClearPass and IAP Virtual Controller IP

    Posted Apr 03, 2013 10:57 AM

    I created a VirtualController for a group of IAPs. I can get to the VC and see my cluster of IAPs to manage through the assigned APs. I added the VC IP into ClearPass under Configuration->Network->Devices. I then created the radius servers on the IAP using the same shared secret and ensuring the correct IPs were used. When I try to connect to a SSID that requires radius auth through CP it fails and doesn’t hit CPPM.

     

    My next test was to take the IP of the AP and NOT the IP of the VC and add it to ClearPass. Once I did that and removed the VC IP for CPPM everything worked.

     

    Can clearpass use the VC IP to perform radius authentications?



  • 2.  RE: ClearPass and IAP Virtual Controller IP
    Best Answer

    EMPLOYEE
    Posted Apr 03, 2013 11:09 AM

    You need to enable Dynamic Radius Proxy so it always used the VC ip address.

     



  • 3.  RE: ClearPass and IAP Virtual Controller IP
    Best Answer

    Posted Apr 03, 2013 11:13 AM

    EDIT:    cjoseph beat me to it........

     

     

    You need to enable Dynamic RADIUS Proxy in the Settings:

     

    instant-radius-proxy.jpg



  • 4.  RE: ClearPass and IAP Virtual Controller IP

    Posted Apr 03, 2013 12:18 PM

    Thanks to bothof you for the solution! It works great!