If you see it timeout in the AP and nothing in Event Viewer or Access Tracker, the request is not reaching the ClearPass server (have not seen exceptions to that 'rule'). It could be that the AP is configured with the wrong RADIUS server IP, or there is a routing issue or firewall in between the AP and ClearPass blocking the traffic.
What you could do to make sure is on the ClearPass in the Server Manager run a 'Collect Logs' and include a packet capture. When you open it in Wireshark you can filter on port 1812 to see only RADIUS and I'm quite sure that you will not see traffic from your AP or VC.
Can you ping the ClearPass server from your AP?
Check the path between the AP and ClearPass and see where the packets are lost.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Mar 15, 2021 07:15 AM
From: Shivam Ojha
Subject: Aruba 515 access point
I have done all of that but unable to see anything on access tracker or event viewer .I contacted tec team they said that request is going to the clearpass pass but in return getting time out. Please find attached image.
Orbit Techsol (W) PVT LTD
Original Message:
Sent: 3/15/2021 6:37:00 AM
From: Herman Robers
Subject: RE: Aruba 515 access point
If you have enabled Dynamic Radius Proxy (which is near the Virtual controller IP configuration in the Instant WebUI) you will need to add the VC IP as Network Device in ClearPass. If not, you will need to add all of your AP IPs in ClearPass (can be the IP subnet) as Network Device.
Please follow the steps that Dustin mentioned, it will check an issue with the Network Device configuration (Event Viewer) or Service (Access Tracker). In case you don't feel comfortable and are new as you mentioned, it may be wise to contact your Aruba partner or Aruba TAC Support for the fastest and most efficient resolution.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Mar 13, 2021 02:34 PM
From: Shivam Ojha
Subject: Aruba 515 access point
I have added the IAP devices in clearpass under network - devices- add device shared key is same on clearpass and vertual controller. I doubt if I have to add vertual controller ip to clearpass services.
I don't know I am actually new to this technology please suggest
Orbit Techsol (W) PVT LTD
Original Message:
Sent: 3/13/2021 2:06:00 PM
From: Dustin-Burns
Subject: RE: Aruba 515 access point
There could be many different things to look at here. I would start by making sure the IAP VC address (if using Dynamic RADIUS proxy in the cluster) or all of the AP addresses are added into clearpass with the same shared secret configured on the IAPs.
1. Take a look at the event viewer in clearpass and see if the radius shared secret is mismatched.
2. Look at access tracker. See if you can see the authentication attempts. From here you can see what policy they are hitting.
3. If they are not being matched to a service. Then you need to modify or create a service to match the authentication attempt
4. Once you can get the device to the right service, you can then start taking a look at role mapping and enforcement.
------------------------------
Dustin Burns
Original Message:
Sent: Mar 13, 2021 01:52 AM
From: Shivam Ojha
Subject: Aruba 515 access point
I have created one SSID which is working fine
But when I create SSID with clearpass authentication, users are not able to connect.and I can't even see any request on clearpass pass.
They are using mojo access point in the network ,is it possible that mojo is blocking Aruba access point.
Do I have to remove all their existing mojo access point in order to work Aruba access point. they want to add Aruba access points in the same network .
Orbit Techsol (W) PVT LTD
Original Message:
Sent: 3/11/2021 11:47:00 AM
From: Dustin-Burns
Subject: RE: Aruba 515 access point
You can create a DHCP scope on the IAPs, and Source NAT the users to the AP IP address. This will make sure you don't hand out IPs to the Cisco Clients.
Does that make sense?
------------------------------
Dustin Burns
Original Message:
Sent: Mar 11, 2021 08:10 AM
From: Shivam Ojha
Subject: Aruba 515 access point
Actually this the client requirement they already have 10 access points running now they purchased 3 Aruba access points .they want to replace one other vendor's access point with Aruba and want to add other 2 Aruba access points to the network .
Can I create same DHCP server on Aruba access points as other vendor's access points are using for clients.?
Orbit Techsol (W) PVT LTD
Original Message:
Sent: 3/11/2021 8:01:00 AM
From: Dustin-Burns
Subject: RE: Aruba 515 access point
Aruba Access Points can work on the same wired network as other vendor APs. Instant APs can form a cluster, and you can also terminate Campus APs to a controller as well. You will not be able to join the Aruba APs to another vendors controller, or virtual cluster. You would be running two wireless systems in the same space. Keep in mind that this will cause some roaming headaches for the clients. You will hear complaints of connection drops, because the client will hard roam to an AP from another vendor. They would start association and authentication all over again on each roam.
Is there a reason why you want to run two vendors at the same time?
------------------------------
Dustin Burns
Original Message:
Sent: Mar 11, 2021 05:42 AM
From: Shivam Ojha
Subject: Aruba 515 access point
Hello team,
We have 10 other vendor access point .we want to replace 1 access point with Aruba access point and want to add 2 Aruba access point to the network .
We use clearpass for authentication
------------------------------
Shivam Ojha
------------------------------