Security

Reply
Regular Contributor II
Posts: 232
Registered: ‎09-11-2013

Clearpass and Juniper comtroller

Hi All,

 

I have CPPM 6.3. My wireless is Juniper and the controller is Juniper 880R running code 8.0.3.

When I create a new SSID for guest and point it to the web portal I created on CPPM and have a machine connects to that SSID, the connection is successful (VLAN working fine) and it gets an IP from the guest subnet but it fails to redirect anywhere!!

I get "requested server not found due to DNS timeout"

When I connect to any other SSID on the network and I navigate to my CPPM web portal, I can go there with no issues.

On the Juniper controller by default there is an access list that works for the guest SSID to only allow udp BOOTP client port68 to destination BOOTP server port67. Unfortunately this ACL do not work with CPPM I assume that the CPPM BOOTP server port is not 67!!

 

Any help is really appreciated.

 

 

 

Regular Contributor II
Posts: 232
Registered: ‎09-11-2013

Re: Clearpass and Juniper comtroller

I called support on this and they weren't that helpful. for so odd reason they told me that I need an Aruba controller with a valid support contract in order for them to help me!! I find this odd because there is no aruba controller involved on the setup, it is Juniper and clearpass. They emailed me a list of ACLs that usually on AOS for clearpass traffic-I wasn't able to make sense of off these ACLs because I'm on a Juniper controller.

 

Still waiting for some input.

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Clearpass and Juniper comtroller

not sure if you still have this issue, but i would just contact support again and provide your clearpass serial number and explain this issue again.

 

for the rest it sounds you need to modify your ACL to allow DNS and HTTP(S) to the clearapss.

MVP
Posts: 762
Registered: ‎03-25-2009

Re: Clearpass and Juniper comtroller

[ Edited ]

Did you ever get this resolved, and if so, remember how? 

Got the exact same issue.

 

Both Aruba and Juniper controllers with Clearpass portals.

Aruba works fine (offcourse).

When connecting via the juniper however I always get that same error (error 504 - the requested server was not found due to DNS timeout).

 

The thing is..  the client pc can resolve the clearpass hostname wihout problem! ACL allows dns and http(s) to clearpass.

When I replace the hostname with the ip address all works fine.

 

I'm realy curious as to what is exactly spewing this error. Not the client since it can resolve just fine. I'm guessing the Juniper WLC itself which would be weird aswell as it is configured with correct dns info.

More weird stuff.. even when I configure the juniper web portal login page to use an ip address it spews this error?!

 

 

EDIT (sollution):  within the wireless serice the web-portal ACL is configured. Make sure to allow DNS and Clearpass here.  Customer had replaced this ACL :(

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: