Occasional Contributor I
Posts: 7
Registered: ‎05-24-2012

redirect problem with radius auth

Hello,

 

We have Aruba ClearPass with a Nortel 2380 NAS. Aruba is connected to the management network and the LAN; the switch is also connected to the management network and the same LAN as Aruba. I have set up a web portal redirect from the switch to Aruba and I have RADIUS configured.

Redirecting clients to the Aruba portal is working fine, but RADIUS authentication is looping back to the Aruba portal and I don't see any log entries in the Aruba RADIUS debug log.

When I try to test RADIUS authentication from the switch to Aruba, I see the authentication request coming from the switch LAN IP, but the switch is declaring its NAS-IP-Address as the management network IP. I also see this management network IP in the captive portal URL as portal_id=xx.xx.xx.xx. Why is that?

 

captive portal URL: http://aruba.test.cc/confirmation.php?portal_ip=172.16.8.130&client_id=1c:65:9d:68:d3:d4&wbaredirect=http://www.google.com/

 

testing radius from switch to radius

Aruba LAN IP 192.168.134.4

Nortel 2830 switch LAN IP 192.168.134.3

Nortel 2830 management IP: 172.16.8.130

 

radius debug log http://dl.dropbox.com/u/41978197/radius_debug.txt

 

Can someone please point me in the right direction?

 

thanks,

Kristjan

   

MVP
Posts: 512
Registered: ‎05-11-2011

Re: redirect problem with radius auth

 

Well - the controller uses its default IP for RADIUS communication, so this is the one you'll have to add as a RADIUS NAS device on ClearPass. It should say in the ClearPass RADIUS log that it rejects the login due to an unknown device, and you'll see the IP address of your controller.

 

For the Aruba controller you have the option to say which IP or VLAN to use for RADIUS communication, but I never got that to work, so instead I changed the default controller IP to the one in the corresponding VLAN.


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
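
The mismatch discussed above (packet source address versus the declared NAS-IP-Address), as an added example that is not part of the original thread: it parses an Access-Request and checks both addresses against a client list. The function names, the client list and the constructed packet are assumptions; the IPs are the ones from the first post, and the check relies on RFC 2865 servers selecting the client entry by the packet's source address.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type

def build_access_request(identifier, user, nas_ip):
    """Constructed sample: minimal Access-Request (code 1), no password."""
    name = user.encode()
    attrs = bytes([1, 2 + len(name)]) + name  # User-Name
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    authenticator = bytes(16)  # constructed; real clients use random bytes
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return (code, {type: [values]}) with bounds checks on every TLV."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def check_nas(packet, source_ip, known_clients):
    """Compare the UDP source address with the declared NAS-IP-Address."""
    _code, attrs = parse_attributes(packet)
    values = attrs.get(NAS_IP_ADDRESS, [])
    declared = None
    if values and len(values[0]) == 4:
        declared = str(ipaddress.IPv4Address(values[0]))
    return {
        "source_ip": source_ip,
        "nas_ip_address": declared,
        "source_is_known_client": source_ip in known_clients,
        "mismatch": declared is not None and declared != source_ip,
    }

if __name__ == "__main__":
    pkt = build_access_request(7, "testuser", "172.16.8.130")
    # Only the management IP is registered, as in the scenario described.
    print(check_nas(pkt, "192.168.134.3", {"172.16.8.130"}))
```

With only the management address registered, the request arriving from the LAN address is reported as coming from an unknown client even though the NAS-IP-Address attribute matches the registered entry.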
Aruba Employee
Posts: 37
Registered: ‎11-04-2011

Re: redirect problem with radius auth

Assuming you are using ClearPass Guest and not Policy Manager, what do you have configured in the weblogin page for Vendor Settings and Address? It sounds like the credentials being submitted in the captive portal form are not being posted back to the Nortel NAS.

MVP
Posts: 512
Registered: ‎05-11-2011

Re: redirect problem with radius auth

 

Or the RADIUS server isn't configured to be the authentication server for the login role on the NAS - however that is handled on Nortel :)

The reason is that you would see if the NAS tried to authenticate the user after the redirect, even if it's denied on the ClearPass RADIUS as an unknown RADIUS device.

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!