04-29-2015 11:53 AM
Does ClearPass support an external RADIUS server as an authentication srouce? I checked under authentication sources by adding a new authenticaiton source. But I don't see an option under "Type" for "RADIUS Server". The only option that would possibly apply in my case seems to be the "Token Server".
The reason why I need this is that I have a use case where we may need to point to an external SteelBelt radius. I will try to convince the client to just replace that system with ClearPass but in the mean time...
I wonder if anyone has tried to setup an external RADIUS server as an authentication source in CPPM? And is Token Server the right option?
Solved! Go to Solution.
04-29-2015 12:27 PM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
05-07-2015 07:28 AM
It looks like "Token Server" template may work to setup an external radius server. It looks like clearpass acts as a RADIUS proxy in this case. I set it up and did some tests with a bogus account and with clearpass packet capture i see the radius request go out with "AVP - proxy state" defined.. I also see the external radius sever sends "access-rejects" in response to the proxy requests. its rejected because I used a bogus account.
But seems like this would work... It makes sense since AmigoPod claimed that it could talk to external RADIUS servers a while back. I guess it doesn't matter anymore since 6.5 has explicit support for external radius. My guess is that its similar setup to the token server on 6.4.
Thanks for pointing out the 6.5 support bit. I'll play with that when I upgrade.