Security

Reply
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Error when authenticating admins from Instant AP to Clearpass

So following this guide: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-authenticate-IAP-admin-user-against-CPPM-over-TACACS/ta-p/192931

 

And get an error in event viewer whenever a TACACS packet has been received.

 

Authentication failure: shared secret mismatch or bad tacacs packet from device=<snip>

 

The shared secret has been triple checked as correct. Clearpass is happily accepting RADIUS packets from these IAPs and also has other fully functioning TACACS services, so there doesn't appear to be any configuration issue, and the problem appear to be specific to the Instant AP which is running version 6.4.0.3. This error occurs regardless of whether the service is enabled or not, so it cannot be a service config issue.

 

Normally I would go to packet capture at this point but I don't think clearpass has this facility.

 

Anyone seen this before?


--
ACMA ACMP
Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Error when authenticating admins from Instant AP to Clearpass

you can do a packet capture in the server manager. Make sure you have the correct vendor in the network device settings.

 

Screen Shot 2014-09-29 at 12.52.56 AM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Error when authenticating admins from Instant AP to Clearpass

Thanks Troy. Ouch, painful way to capture compared to cli but I'll give it a go.

 

The vendor is 'Aruba' even though this is Dell instant, no option for Dell

 

cheers


--
ACMA ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: