Security

Reply
Occasional Contributor II

Clearpass Controller Authentication Attempts

Hi,

 

I'm finding that Clearpass is being bombarded by our two controllers.

 

Untitled.png

 

And the following from one of the controllers when I do a 'show log all | include 10.0.35.81'

 

Nov 15 10:23:36  authmgr[3945]: <522275> <ERRS> |authmgr|  User Authentication failed. username=001a1e01cfa0 userip=0.0.0.0 usermac=00:1a:1e:01:cf:a0 authmethod=MAC servername=clearpass01 serverip=10.0.35.81 apname= bssid=01:80:c2:00:00:03
Nov 15 10:23:36  authmgr[3945]: <522275> <ERRS> |authmgr|  User Authentication failed. username=001a1e01cfa0 userip=0.0.0.0 usermac=00:1a:1e:01:cf:a0 authmethod=MAC servername=clearpass01 serverip=10.0.35.81 apname= bssid=01:80:c2:00:00:03

 

001a1e01cfa0 and 001a1e01cf58 are the MAC address of both controllers.

 

Any ideas on what might be causing this?

 

Cheers

Shaun

Guru Elite

Re: Clearpass Controller Authentication Attempts

Are any of the VLANs or interfaces untrusted?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Controller Authentication Attempts

Hi Tim,

 

Yeah I have one VLAN untrusted with my clearpass aaa profile assigned to it for captive portal which works fine but since configuring wired access I get all of these errors now.

 

What are your thoughts?

 

Cheers

Shaun

Re: Clearpass Controller Authentication Attempts

The message on the controller means that a device with that mac address was seen incoming on an untrusted port/vlan that has MAC authentication enabled. It could be that you have an L2 loop in your network that feeds traffic from the controller back in, or you have VRRP enabled on an untrusted interface.

 

Probably best is to find out where this traffic is coming from and check how to best resolve that in your design. If you don't have the troubleshooting skills, please contact your partner or Aruba TAC as having an understanding of how untrusted ports/vlans and authentication works in the Aruba controller is highly recommended to find a proper solution.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: