Wireless Access

Hi,

 

for a customer I need to migrate their MM's to a different subnet. To limit risk of loosing configuration I set up a L3 redundant set of MM's

 

Primary MM (and it's vrrp peer) are using RADIUS mgmt authentication using Clearpass. I forced database sync to the secondary MM's

 

When I tried login in to the secondary MM with a RADIUS account, I noticed a login failed with no record in the Clearpass Access Tracker.

 

After logging in with the local admin account I noticed the GUI was sync'd. All login configuration is the same as primary. In the cli of the secondary the config settings are not the same .

 

show database sync does not show any errors

 

Attached pictures show the authentication servers. Notice the CPPM nodes are missing in the CLI

 

Current version is 8.5.0.3 Upgrade to latest will be done after some network changes are done.

 

Any solution how to fix this in 8.5.03? 

 

Thanks, Erik

 

Did you add the L3 MM mgmt IP in ClearPass?
Can you take a look in the ClearPass event viewer to see if there’s any errors related to the RADIUS authentication request coming from the L3 MM?



Thank you

Victor Fabian

Pardon typos sent from Mobile

Hi Victor,

 

yes I did and no, there's nothing coming up in the access tracker.

Check out the pictures. In the GUI the CPPM radius server entries are there, in the CLI only the default authentication server (internal) is there. Both Clearpass entries are missing.

 

Edit 23/10. In some documentation I found the command master-l3redundancy config-sync. This command is not known in 8.5.0.3 or might be hidden? In the same document I found some debug commands related to config-sync. I found a lot of config node not found errors in de secondary primary MM. I checked and rechecked IPSEC shared secrets and they are all fine.

 

Guess an upgrade is in order

 

rgds,

Erik

MM upgrade to 8.7.0.1 fixed the issue.