Security

Reply
Regular Contributor I
Posts: 238
Registered: ‎01-19-2013

Problems with Clearpass Radius Server -> Auth server timeout

Hi,

 

I´m new in Aruba Clearpass and I´ve a Problem with the Clearpass Radius auth.

 

Ok, the facts:


 I´ve a Aruba Controller 651 with code version 6.2.0.3

CPPM version 6.0.2.23328 and CP Guest with the same version.

 

I installd the CPPM appliance, I configured it like the example in the Aurba Wireless and Clearpass 6 Integration Guide (step by step).

 

When I connect to the Guest SSID, it redirect me to the captive portal. So far so good.

 

I can create a new account at the captive portal (self registration).

 

When I want to Login the messige Auth server timeout comes up.

 

Ok, I checked the shared secred, the NAS IP in CPPM, the Radius in the Controller, it all looks good.

 

On the CPPM under Access Tracker I´ve no Logs about a Login.

 

I don´t know what to do, I think the Radius on the CP Appliance is not working, but I can´t find any Radius logs.

I newly set up the appliance and configured it again, but there is the same problem.

 

Thank you!

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Problems with Clearpass Radius Server -> Auth server timeout

Please confirm you have defined your CPPM server group as the group for your active Captive Portal Profile:

 

Authentication --> Layer 3 --> Captive Portal Authentication Profile --> Your Profile --> Server Group

 

cp-server-group.png

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Regular Contributor I
Posts: 238
Registered: ‎01-19-2013

Re: Problems with Clearpass Radius Server -> Auth server timeout

Ok, I checked it but I think it is configured right.Taka a look at my screenshot.

 

The problems are still there.

 

 

 

Thanks

 

 

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Problems with Clearpass Radius Server -> Auth server timeout

[ Edited ]

I know you said there is no Access Tracker event.  Confirm there is no error in the Event Viewer regarding the Network Device on CPPM.  If there is a shared secret issue for example, it will show up here; not access tracker.

 

Have you successfully tested auth from the controller using AAA Diagnostics?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Problems with Clearpass Radius Server -> Auth server timeout

Verify the authentication is correct setup by using AAA test on the diagnostic section.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 238
Registered: ‎01-19-2013

Re: Problems with Clearpass Radius Server -> Auth server timeout

Under CPP Monitoring Event Viewer is no log in event or any wrong login.

Unbenannt.JPG

 

 

When I using AAA test on the diagnostic section of the controller the same problem.:

Unbenannt1.JPG

 

I don´t know what is wrong.?

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Problems with Clearpass Radius Server -> Auth server timeout

 

Your screenshot shows "authentication failed".   If that is accurate, then it means it is talking to the RADIUS server and authentication failed or service categorization failed.   If it said AAA Server Timeout, then it is likely to be a shared secret or connectivity issue (UDP 1812/1813).

 

When you did that AAA test authentication, did you get an event in Access Tracker?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Problems with Clearpass Radius Server -> Auth server timeout

The server to test against is Internal on that screenshot. It should be the server entered in your Clearpass-group.
That aside... I'm thinking there might be an issue with the redirect from the clear pass back to the controller.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 238
Registered: ‎01-19-2013

Re: Problems with Clearpass Radius Server -> Auth server timeout

When you did that AAA test authentication, did you get an event in Access Tracker?

 

Nothing, the Access Tacker shows nothing.

 

Unbenannt.JPG

 

 

I don´t understand.

 

 

@solb

? I'm thinking there might be an issue with the redirect from the clear pass back to the controller.?

 

Ok, but what can I do?

 

How can I check this?

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Problems with Clearpass Radius Server -> Auth server timeout

Well. First step is to atleast get a succesful authentication from the AAA test server diagnostics. Try self-regiatration and then use that account to authenticate with from AAA test server. If that works, then you might want to double check your services. Make sure there is no value from the default left. Ie. default web auth service has a specific ssid it checks for and no match means it just drops the traffic. Typical issue when you dont see anything in the access tracker is that no service matches the request you have performed. Can you verify that in your web auth service you have either no ssid defined or that it is matched against the name of your ssid? Mvh John Solberg

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: