Wireless Access

Reply

clearpass not responding to instant radius requests

I'm going absolutely bonkers here cause I'm sure I had it working in the past.  My ClearPass does not respond to my Instant radius requests.  It responds to a controller fine, but just not the Instant AP I have.

 

  • I've added the VC into to the devices list with the correct shared secret.
  • packets are being received by CPPM according to a capture, but it just doesn't respond.
  • I've flattened the Instant and started again.  Same result.
  • I've deleted the Instant from the devices list in CPPM and readded.  Same result.
  • Same result for both users and 'aaa test' command.

Any suggestions please?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: clearpass not responding to instant radius requests

Is there anything in the service/access tracker or the event log?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Guru Elite

Re: clearpass not responding to instant radius requests

What's your NAS IP set to? Does it match in ClearPass? Are you seeing anything in the ClearPass event viewer?

 

You may have to set up Dynamic RADIUS Proxy so that it uses the same source IP no matter which AP is the VC.

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: clearpass not responding to instant radius requests

absolutely nothing in event viewer or anywhere else.  The controller based user did work, but there was still nothing for that either.

 

All I managed to do was get a packet capture to confirm the request are hitting clearpass.

 

And yes, dynamic-radius enabled and correct ip etc.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: clearpass not responding to instant radius requests

Do you have another RADIUS server you can test against?  Not sure why you aren't seeing anything for a WORKING user in accesss tracker.  That's odd.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos

Re: clearpass not responding to instant radius requests

the Windows Radius server responds fine.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: clearpass not responding to instant radius requests

I would go and collect logs (with the packet capture) and open up a TAC case...

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos

Re: clearpass not responding to instant radius requests

will do.  It's only a lab box, but I'm setting up for a demo at a trade event.  So far, not really much to demonstrate.

 

Although it's not a microsoft box, I've rebooted anyway.  See what happens.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite

Re: clearpass not responding to instant radius requests


Michael_Clarke wrote:

will do.  It's only a lab box, but I'm setting up for a demo at a trade event.  So far, not really much to demonstrate.

 

Although it's not a microsoft box, I've rebooted anyway.  See what happens.


You should install NTradping http://www.novell.com/coolsolutions/tools/14377.html on a Windows laptop and test radius authentications to your ClearPass box to see if something is wrong.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: clearpass not responding to instant radius requests

Great tool Colin.  Unfortunately it didn't work on the Windows machine I tried. 

 

Strangely, it responds to the Instant now, so who knows what was going on before.  Nothing in access tracker though.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: