Security

Reply
Contributor II
Posts: 59
Registered: ‎02-22-2011

ClearPass local RADUIS server

I was trying to setup a simple configuration with ClearPass as the RADIUS server using a local database. I just want to create a local radius user in ClearPass and  have a specific SSID point to the ClearPass IP to authenticate the user. By default the ClearPass evaluation isn't listening on the RADIUS ports and I configure a RADIUS service, but that didn't seem to do anything. Can ClearPass be a RADIUS server and where are the RADIUS configurations? 

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: ClearPass local RADUIS server

By default, ClearPass should be using 1812/1813 for authenticaiton & accounting.  You can verify this under:

 

Administration > Server Manager > Server Configuration

Click on the server to take you to the server's configuration details.

Then, click on the Service Parameters tab.

Look for the drop-down menu at the top and select Radius server.

You should see all of the details for the Radius service.

 

When you open Access Tracker under Monitoring, do you see the authentication request being made?  If so, click on it.

In the window that popped up, look at the bottom half and you'll see Policies Used.  Is the line right below, Service: , blank or does it contain the name of the service you created?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Contributor II
Posts: 59
Registered: ‎02-22-2011

Re: ClearPass local RADUIS server

Thanks for the info and ClearPass was listening on the Radius ports by defult, the problem was I executed a port scan, but port scan only list tcp ports, not udp, so that was my mistake. I did check Access Tracker under Monitoring and I'm getting some Radius errors, so I'm not all the way there, but close. 

 

Bob 

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: ClearPass local RADUIS server

Post back if you need assistance.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 19,997
Registered: ‎03-29-2007

Re: ClearPass local RADUIS server


rgarlin wrote:

Thanks for the info and ClearPass was listening on the Radius ports by defult, the problem was I executed a port scan, but port scan only list tcp ports, not udp, so that was my mistake. I did check Access Tracker under Monitoring and I'm getting some Radius errors, so I'm not all the way there, but close. 

 

Bob 




 

Please see the video in the post here:  http://community.arubanetworks.com/t5/Technology-Blog/Watch-Advanced-quot-How-To-quot-Videos-on-Configuring-ClearPass/ba-p/41420

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor II
Posts: 59
Registered: ‎02-22-2011

Re: ClearPass local RADUIS server

I have the local database working within ClearPass, but now having problems with use ldap as the authentication source. Since it's using ldap and not AD for testing I was using PEAP and EAP GTC as the inner method. On the wireless controller, I have those 2 authentication methods selected below Security -> L2 Authentication -> 802.1x Auth profile. In ClearPass I created a new Authentication Method with EAP-PEAP as the type and EAP GTC as the inner method. My client has Authentication as PEAP and the inner authentication as GTC, but I still get the following error in ClearPass:

 

PAP: User password not available
EAP-GTC: Authentication failed

 

I'm sure what could be configured incorrectly. 

 

Bob 

Search Airheads
Showing results for 
Search instead for 
Did you mean: