Security

Hello, I wondered if someone had encountered this before.

I added a new switch to the device list in clearpass 6.6.9

Very oddly, the publisher rejects the radius requests saying it is an unknown NAD.  But it isn't and is correctly set up.

The switch sees the failure on the publisher and moves onto the subscriber, which then allows the authentication as it should do - detecting the device is in the device list.

It seems the publisher is ignoring the new device I entered, does a service need a restart on the publisher perhaps?

Are you sure, the request is coming from same switch device which you have added in CPPM? Generally we see this message if device is not added to CPPM.

Check event veiwer and also access tracker and check from which NAS IP request is coming and add that device.

Yes - it is correct - already added.  it works on the subscriber, but the publisher is acting as if the entry isnt there.

ERROR:

RADIUS authentication attempt from unknown NAD 192.168.21.3:1813

The device 192.168.21.3 is set up in devices.

The subscriber authenticates the device but the publisher acts as if it is not there.  Which is odd as the subscriber will get the device list from the publisher.

there are no rejections from access tracker as it is rejected before it gets there.

must be a bug in clearpass.

Restarted the radius server and the new device started to function normally