12-05-2014 12:33 PM
I have a master/local setup managing about 200 RAPs which all use the same exact profile from our controller. We recently upgraded from Cisco ACS to ClearPass for authentication and I realized that all our hard-wired connections were still pointing to ACS (wireless is working fine). So we built the services and enforcement policies through CPPM and tested it out successfully. Last night I repointed the authentication for the hard-wired connections from ACS to CPPM and saw it was accepting requests as it should. This morning, however, users started logging on and I noticed several timeouts, and on the user end, they are receiving the error unauthenticated network. When I checked the individual users on the local controller, they repeatedly stated that the controller was reaching out to the client (the Windows computer) for an EAP request with no response back. This happened with 30-40% of the connections out there even though they all have the same configuration.
It sounds like when I made the change, something broke on the client end, but I don't know what it is.
Any thoughts? I was thinking to reboot all of the RAPs along with both of the controllers this evening. Right now any users have been just switching to wireless as a workaround and if the reboot doesn't work tonight, I'm going to point it back to ACS.
12-05-2014 12:36 PM
12-05-2014 12:41 PM
If it's a new one, is it signed by the same CA?
12-05-2014 01:02 PM
Our ACS was set up to not require certificates at the time. I know CPPM does require certificates for our Wireless and VPN connections, but the wired connection was set up by Aruba support, so I don't know. How do I check those settings?
12-05-2014 01:09 PM
How are the clients' supplicants being configured? Manually or via group policy?
Do you have access to a client to look at the supplicant configuration?
12-05-2014 01:19 PM
We manage them through Group Policy. All client machines on the network are configured to not require a cert because they didn't under ACS.