Wireless Access

I'm working on implementing a new dot1x service with Clearpass in an existing wireless network. It looks like the radius replies are coming from the MM, but I thought it should come from one of the controllers. Upon further investigation on the controllers, I see that clustering is in L3 mode.

So I'm wondering:

1) should the radius response be coming from the controllers and not the MM?
2) if so, would the L3 clustering cause this behavior?
3) what is the impact on the AP's if I change it to a L2 cluster? IE: will they re-boot?



Thanks!

------------------------------
Steve
------------------------------

Hi,

Did you define the source address vlan to use under Authentication --> Advanced --> Radius Client for each controller?

------------------------------
Ayman Mukaddam
------------------------------

Original Message:
Sent: May 21, 2021 05:10 PM
From: Steve Cromie
Subject: L3 Controller Cluster

I'm working on implementing a new dot1x service with Clearpass in an existing wireless network. It looks like the radius replies are coming from the MM, but I thought it should come from one of the controllers. Upon further investigation on the controllers, I see that clustering is in L3 mode.

So I'm wondering:

1) should the radius response be coming from the controllers and not the MM?
2) if so, would the L3 clustering cause this behavior?
3) what is the impact on the AP's if I change it to a L2 cluster? IE: will they re-boot?



Thanks!

------------------------------
Steve
------------------------------

You may find that is just the NAS-ip that is being displayed.  Expand out the input tab to check.
Typically on setup that NAS-ip defaults to that of the MM.  You can change this at the node level with the below.

ip radius nas-ip nas-vlan <nasvlan>​

------------------------------
Michael Clarke (Aruba)
------------------------------

Original Message:
Sent: May 21, 2021 05:10 PM
From: Steve Cromie
Subject: L3 Controller Cluster

I'm working on implementing a new dot1x service with Clearpass in an existing wireless network. It looks like the radius replies are coming from the MM, but I thought it should come from one of the controllers. Upon further investigation on the controllers, I see that clustering is in L3 mode.

So I'm wondering:

1) should the radius response be coming from the controllers and not the MM?
2) if so, would the L3 clustering cause this behavior?
3) what is the impact on the AP's if I change it to a L2 cluster? IE: will they re-boot?



Thanks!

------------------------------
Steve
------------------------------

You should type "show lc-cluster vlan-probe status" to find out which VLAN(s) is not trunked properly to return your cluster members to L2 connected status.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: May 21, 2021 05:10 PM
From: Steve Cromie
Subject: L3 Controller Cluster

I'm working on implementing a new dot1x service with Clearpass in an existing wireless network. It looks like the radius replies are coming from the MM, but I thought it should come from one of the controllers. Upon further investigation on the controllers, I see that clustering is in L3 mode.

So I'm wondering:

1) should the radius response be coming from the controllers and not the MM?
2) if so, would the L3 clustering cause this behavior?
3) what is the impact on the AP's if I change it to a L2 cluster? IE: will they re-boot?



Thanks!

------------------------------
Steve
------------------------------