Wireless Access

last person joined: 9 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

CPPM IF-MAP - 401 Error

This thread has been viewed 4 times

  • 1.  CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 14, 2017 04:46 PM

    Good afternoon,

     

    I'm trying to setup CPPM IF-MAP for additional profiling to ClearPass, but having some issues with establishing the connection. In most of the controllers, the status shows "401 error". I have tried doing the IP and port 443, which I thought might be a problem, so I tried the IP and port 80 and that also failed. I tried the hostname, but don't have DNS servers configured on the controller, so getting can't resolve name. When I do IP:443 or DNS:443 in my browser, it gives the same error. Any ideas why this isn't establishing? Not sure if I should use a different port or not. I've setup the user account in ClearPass, so I know that's valid, but not even seeing the request. Controllers use CPPM for RADIUS auth, so I know they can communicate.

     

    Controller is 6.4.4.16 and ClearPass is 6.6.5.



  • 2.  RE: CPPM IF-MAP - 401 Error

    EMPLOYEE
    Posted Nov 14, 2017 04:50 PM
    You have to use an FQDN with port 443.


  • 3.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 09:54 AM

    I was able to add DNS servers to the controller, and setup the IF-MAP using FQDN of Clearpass on port 443, but still getting Error 401 Unauthorized. ClearPass, by default, is setup to redirect to a guest page if you use just the FQDN, could that be related? Should I set the main page back to the default?



  • 4.  RE: CPPM IF-MAP - 401 Error

    EMPLOYEE
    Posted Nov 16, 2017 09:57 AM
    No, that doesn't matter.

    Did you give the local admin account you created for IF-MAP API Administrator privileges?


  • 5.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 09:59 AM

    I set it up as Super Administrator, does it need specifically API Admin?

     

    I changed it to API Admin for testing, but I don't see any requests in Access Tracker or Event Viewer. I don't think it's even getting that far.



  • 6.  RE: CPPM IF-MAP - 401 Error

    EMPLOYEE
    Posted Nov 16, 2017 10:10 AM
    You won't see anything in access tracker or event viewer. API Administrator is not required, but it is not recommended to give it super admin.

    Sounds like you have it configured correctly. I would open a TAC case.


  • 7.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 10:15 AM

    Ok, I will do that and if it gets resolved, I'll update the thread.

     

    Thanks.



  • 8.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 10:40 AM

    Does the ClearPass account have to be in the Admin Users or can it be in the Local Users as long as the role of API Admin is set?



  • 9.  RE: CPPM IF-MAP - 401 Error
    Best Answer

    EMPLOYEE
    Posted Nov 16, 2017 10:42 AM
    It has to be in Admin Users


  • 10.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 10:44 AM

    That was it. I was under the impression that the local account needed to do a login to ClearPass, and our service has Local User Repository as the auth source. In fact, when you mentioned it didn't show up in Access Tracker or Event Viewer, that made me think maybe it needed to be with the default apiadmin account. Added it and connection was established successfully.



  • 11.  RE: CPPM IF-MAP - 401 Error

    EMPLOYEE
    Posted Nov 16, 2017 10:51 AM
    I, personally, would make a new admin account with API Administrator privs instead of using the default apiadmin account.


  • 12.  RE: CPPM IF-MAP - 401 Error

    MVP
    Posted Nov 16, 2017 10:58 AM

    That's what I did, called it apiprofiler. Thanks for the help.