Wired

last person joined: 17 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

ARUBA-Cisco switch - Monday morning authentication issue

  • 1.  ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 08:51 AM

    Calling all ARUBA gurus.

     

    Hello.

     

    I have had this issue with Clearpass NAC system for last 3 years.

    Aruba TAC has confirmed his is not a aruba system issue. 

     

    May I request anyone with experience in Aruba-Cisco environment to shed some lights on this please.

     

    We have Aruba Clearpass 6.6.8. In 2015 we had 400+ pcs with clearpass onguard agent on. On every monday ( after 2 days of holiday in the UK ) random pcs would not let user logon saying - logon server could not be found - same scenario as you would lose network connection. Only happened on Monday mornings. We had Aruba TAC looked at this issue and they had increased the machine authntication cache time to 72 hours instead of 24. But still we had some issues - like I mentioned it was random on random pcs in random vlans. To get user working we had to then remove .1x config from the cisco switch port. Once authenticated, we could then place the config back and the pcs would be fine until next monday morning.

     

    Any one else had this issue ? TAC said - They are not aware of anyone having this issue but us.

     

    Now, we had to deactivate NAC due to some issues last year. We have now started deploying onguard agetn again. And like last time we did not have any issue until couple of weeks ago and one pc came up woth exact same error. We have 3500 pcs and having this issue monday morning will not look very good us IT guys. We have 350+ laptops on wireless and they are fine. 

     

    Any ideas people ?

     

     



  • 2.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 09:37 AM

    Are you running EAP-TLS or EAP-PEAP?

     



  • 3.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 09:56 AM

    We are using Eap-peap mschap v2.

     

    We do machine authentication and User usthentication.

     

    Thanks torelo.



  • 4.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 10:03 AM

    So I assume the CPPM is joined to the Domain and has some Backup-Servers in the list?

     

    Try unjoin and rejoin the domain.



  • 5.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 10:09 AM

    Yes we have 2 ha pair in 2 sites.

     

    We have had the server leave and join doimain when were upgrading to 6.6.8.

     

    Any more ideas ?

     

     



  • 6.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 10:12 AM

    Could you share the Access-Tracker Output and the Service Configuration?

     



  • 7.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 12:25 PM

    Hi Sven,

     

    Which ones do you want to see - one happening at the time when user had failed login ?

     

    Which service config do you want to see - the one wired users use ?

    Regards,

    Sheikh



  • 8.  RE: ARUBA-Cisco switch - Monday morning authentication issue

    Posted Nov 28, 2017 02:06 PM

    The problematic Service and AccessTracker log

    Sven