Please work with your Aruba partner, or Aruba Support (TAC). The Blocked by AAA messages are part of the normal process, but the port should go 'online' quickly after that message.
With interactive troubleshooting, this probably is easy to solve. It's much harder to solve in this forum by asking back and forth.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 28, 2021 07:01 PM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
hi, yes I checked it before already but unfortunately, nothing changed
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 28, 2021 04:45 PM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Hi, check this thread I think is what is happening in your environment
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=21374
Hope this helps
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 28, 2021 03:53 PM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
unfortunately, I tested it but still, the same issue Exist some ports Blocked by AAA
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 28, 2021 09:28 AM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Please check the following document and make sure you are not missing any commands and for now remove the radius server with the IP ending in 33 that is jus timing out and test again
Regards
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 28, 2021 08:59 AM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
forgot to share it so sorry.
Kindly check it
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 28, 2021 08:37 AM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Hey, you didn't share the switch's config. If the issue is with some ports on the same switch please share all the config.
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 28, 2021 04:27 AM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
hi, ulises
Kindly check the attachments for CPPM and a sample from one switch
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 27, 2021 11:12 AM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Please share the switch's config and the IP of the CPPM. Also, share the images form the accesss tracker from one of the macs that appeared there: the sumary, the input, output and alerts (if any) tabs
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 26, 2021 11:12 AM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
look here we have a number of ports up but not all of the ports authenticated some authenticated on CPPM and others blocked by Switch ! and no logs on Cppm for those Macs. I don't know why this happened and tried many configurations
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 21, 2021 08:04 AM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Hi, you can see there there is only one reject so your issue shouldn,t be authentication but in order to be sure ypu need a debug output No a show output to see waht is happening between the switch and Clearpass.
If you share the debug output when a client is trying to authenticate we may be able to figure out what's happenning.
Share the log you get in clearpass for the authentication attempt and the switch config
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 21, 2021 04:29 AM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
hi
kindly check the snapshot form command it showed me that one rejected or time out but I didn't receive any reject or failed logs on cppm
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 20, 2021 04:16 PM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Please enable and share the radius authentication debug, not only the show log...
The commands to debug the radius messages should be similar to this.
debug security port-access authenticator
debug security radius-server
Regards
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 20, 2021 04:01 PM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
Hi ulises
They got right authentication on switch and no reject logs on clearpass.
Just blocked AAA on switch log and I don't now why
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 20, 2021 03:50 PM
From: Ulises Cazares
Subject: ip didn't appear after auth witn CPPM
Hi, you could see the reason, maybe, in 2 places:
1.- Debug the radius authentication packets in the switch to know why the switch is blocking the port.
2.- Check in Clearpass in Access tracker to see the reason of the reject, if any.
Hope this helps
------------------------------
Ulises Cazares
Original Message:
Sent: Dec 20, 2021 03:07 PM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
Dears
i still facing this issue but in a different behaviour! we integrated the switches ( 2930M) i just found in logs that some ports Blocked by AAA !! i dont now why tried bounce the port but still while enabling the port the switch blocked it by AAA i need to found solution ASAP the tac still search in this case .
note :
i configured ip client tracker and changed arp-age and probe-dely too but nothing happened.
------------------------------
Amr Abo Hashima
Original Message:
Sent: Dec 09, 2021 08:15 PM
From: Amr Abo Hashima
Subject: ip didn't appear after auth witn CPPM
hi
we have access switches and APS & Access control, etc... authenticated from Cppm ... after the authentication switch appears some IPs and not appear others.
tried many things to check this issue ((upgrade firmware, change configuration & authentication commands)) but still the same issue while the core switch can reach them all but access switches not.
Kindly check the attachments
------------------------------
Amr Abo Hashima
------------------------------