Wired Intelligent Edge

last person joined: 16 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

CPPM applying send radius accept to 2930f

This thread has been viewed 2 times

  • 1.  CPPM applying send radius accept to 2930f

    Posted Oct 29, 2018 10:35 PM

    Hi all, I am attemping to setup LUR using CPPM, 2930F and a 7030 controller. There seems to be a problem with the CPPM communicating to the switch, if I attempt to use onconnect to query for the ports I get an error saying "check IP and snmp community". I have been through that several times even deletting the switch and adding back with the same result. If I turn on snmp debug on the switch it gives an error saying "AuthManager returns CONNECTION_AUTH_INVALID"  but displays it as v1. They seem to talk oneway via radius, if I capture at the CPPM the CPPM sends back radius accept messages but the switch seems to ignore then sends another radius request. After several attempts it gives up and stops sending. Once again I have removed the switch, deleted the radius configure from its config and added again with no change. I am sure I have missed something simple, or maybe not. The switch is running 16.07.0002 and CPPM is 6.7.7. I haven't even got to the controller yet as when I use show port-access clients it shows them going through dot1x, mac a few times then an ad joined client stays at denyall policy.

     

    Any suggestions welcome.

    Thanks



  • 2.  RE: CPPM applying send radius accept to 2930f

    EMPLOYEE
    Posted Oct 30, 2018 09:12 AM
    You should not be using OnConnect with Aruba switches. Did you follow the ClearPass Solution Guide for Wired Policy Enforcement to set up MAC auth?


  • 3.  RE: CPPM applying send radius accept to 2930f

    Posted Oct 30, 2018 02:59 PM
    Hi Tim, yes I did use the wired deployment Guide 2018 vers, apologies I meant to note that. I was only using onconnect to try and fault find. There are snmp read errors in the event viewer of CPPM and onconnect seemed to be the only way to cause a consistent snmp event to test. The problem I am trying to resolve is the captures on the CPPM show it send radius responses but the switch doesn't do anything with them. I have removed all radius info from the switch and readded, removed the switch from CPPM and readded. Changed the radius key at both ends but still nothing at the switch. I have not used CPPM before but have used radius on other servers and switches including Aruba. But stumped.

    Thanks
    Robery

    Get Outlook for Android