Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Instant CP using External Radius Server

  • 1.  Instant CP using External Radius Server

    Posted Aug 24, 2015 11:07 PM

    HI

     

    I using IAP 135 with Version: 6.4.0.3-4.1.0.1_45063

    I have created two SSID one is using WPA2-Enterprise and other is CP using the same external radius server + local database.

    I can successfully connect to WPA2-Enterprise SSID, but fail to use the same account in the CP.

    can anyone help?

     

    Thanks 



  • 2.  RE: Instant CP using External Radius Server

    Posted Aug 24, 2015 11:17 PM

    How can something be using an external radius server and the internal database at the same time?  How does that work?

     



  • 3.  RE: Instant CP using External Radius Server

    Posted Aug 24, 2015 11:48 PM

    Can I do that in order to have back up server?

    anyway, I have success to login the CP with the Radius account, but I cannot use Internal database for backup, and I need to do some config in Windows NPS .InstantCP.PNG

    Thanks

     



  • 4.  RE: Instant CP using External Radius Server

    Posted Aug 25, 2015 08:01 AM

    im missing a bit of a question in your last post.

     

    you did create the user in the internal database? how did you test it didn't work?

     

    using the internal database as a backup for the external radius doesn't feel like a very solid solution. it means you have to create user double.



  • 5.  RE: Instant CP using External Radius Server

    Posted Sep 01, 2015 03:16 AM

    Actually, I want some guest account store in Radius Server and some guest account store in local database for some reason, so I need two auth server (Radius+local DB) to do that, is that possible?

     

    Thanks



  • 6.  RE: Instant CP using External Radius Server

    Posted Sep 01, 2015 01:05 PM

    that depends if you can do a fall through on instant, so that if the first source fails with a deny it tries the next. you should be able to check for that on the GUI. if there isn't something like that and it is meant to prevent a server outage it won't work.