01-12-2017 02:08 PM
Today I was in a config where I have two master controllers and two local controllers. The two controller pairs are in different geographical locations. I also got 2 ClearPass servers running in publisher, subscriber mode. The publisher is in the same location as the master controllers and the subscriber node is more or less at the same location as the local controllers.
What I try to achieve is that the local controllers use the subscriber node to authenticate the users they are serving and vice versa (master controllers -> publisher node). So far my setup works as desired. I can see that the authentication for a client on a local controller is performed by the subscriber node. But then I looked closer at the access tracker entry and I saw that the NAD device IP isn't the IP address of the local controller but the master controller's IP address.
In my understanding the request is sent (proxied) by the master controller (NAD IP).
So my question is: Is the request processed by the local controller then sent to the master to proxy it?
In my understanding all client traffic which comes from an AP connected to a local controller is handled by the local controller. Is there any exception regarding the authentication traffic?
Is there any chance of a config change which I can do?
Thanks in advance!!
ACCX | ACMP
01-12-2017 02:15 PM
If it is RADIUS, it always comes from the controller that sent the authentication and it is not proxied. You can edit the NAD IP address to be anything in the server definition and maybe that is where your problem is. The NAS IP, however, should be correct... Remove the NAD IP in the server definition and you should be good.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
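One way to check from a packet capture which controller actually sent a request is to compare the source IP of the Access-Request datagram with the NAS-IP-Address attribute (RFC 2865, type 4) it carries. This is an added example, not part of the thread; the function names are hypothetical and the addresses, user name and zeroed authenticator are constructed sample values.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1    # RADIUS code, RFC 2865
USER_NAME = 1         # attribute types, RFC 2865
NAS_IP_ADDRESS = 4

def build_access_request(user: str, nas_ip: str) -> bytes:
    """Build a constructed Access-Request (zeroed authenticator) for the demo."""
    attrs = b""
    for atype, value in ((USER_NAME, user.encode()),
                         (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs

def parse_radius(packet: bytes):
    """Return (code, {attr_type: [values]}) and reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def compare_sender(packet: bytes, udp_source: str) -> dict:
    """Compare the datagram's source IP with the NAS-IP-Address attribute."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    raw = attrs.get(NAS_IP_ADDRESS, [None])[0]
    nas_ip = str(ipaddress.IPv4Address(raw)) if raw and len(raw) == 4 else None
    return {"udp_source": udp_source, "nas_ip": nas_ip, "match": nas_ip == udp_source}

if __name__ == "__main__":
    # Constructed case: datagram arrives from 198.51.100.20 but carries 192.0.2.10.
    pkt = build_access_request("alice", "192.0.2.10")
    print(compare_sender(pkt, "198.51.100.20"))
```

A mismatch between the two values points at an address override in the server definition rather than at the request being relayed by another controller.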