Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

IAP and CPPM guest access not authenticating

This thread has been viewed 2 times

  • 1.  IAP and CPPM guest access not authenticating

    Posted Aug 03, 2017 03:56 AM

    Hi

     

    setup :

     

    IAP

    CPPM

     

    Both latest versions.

     

    I have a working setup btw where we also use 72xx controllers in combination with the same CPPM for a guest access portal.

     

    Goal : reproduce the setup available on the controllers on an IAP

     

    Only remaining issue i currently have for the guest portal is the following...  I can connect to the IAP guest ssid, go to the CP guest authentication portal.  But after authenticating i always get the same authentication portal again.  I would expect some error to show up in CPPM Tracker, but nothing...

     

    As a reference, on the 72xx controllers this all works perfectly.  So i am authenticating with the correct credentials etc...

     

    On the IAP i see in the AP show log :

     

    Aug  3 07:36:48  tinyproxy[1759]: Closed connection between local client (fd:9) and remote client (fd:11), user 172.18.1.189(8c:70:5a:10:89:24) on 'deme-guests-test', user_authenticated=0
Aug  3 07:36:49  mini_httpd[4771]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:50  syslog: main, 2634: opcode is show
Aug  3 07:36:50  mini_httpd[4775]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:54  mini_httpd[4777]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:57  mini_httpd[4778]: handle_request: 2030: SSL_accept fail, child exit after 0 requests parse error on header

    I guess here user_authenticated=0 means fail?  But why...?

     

    I added the IAP device to CPPM, and also added the ssid to the allowed list of Aruba-Essid-Name.  So no problem there.

     

    I'm not seeing any further errors.  Any hints?



  • 2.  RE: IAP and CPPM guest access not authenticating

    MVP EXPERT
    Posted Aug 03, 2017 05:26 AM

    Are you certain there is no entries in the Access Tracker or the Audit Trail? If the client is being rejected by CPPM then there would be an access tracker log. Connectivity from the IAP to the CPPM appears to be okay as you can see the Captive Portal. 

    What result do you get in you send a #aaa test-server from the IAP, do you see this appear in the Access Tracker?



  • 3.  RE: IAP and CPPM guest access not authenticating
    Best Answer

    Posted Aug 11, 2017 02:43 AM

    Apologies for the late reply.  Everybody likes the solution.  So cause was a firewall in between IAP and Clearpass appliance which was not allowing radius trafic.