We are in the midst of configuring an Aruba solution which utilises a SonicWall appliance to apply policy to AD authenticated users.
It does so by establishing RADIUS Accounting relationships and inspecting the packets for AD usernames which it subsequently lookups against AD.
All accounting messages are working between the Clearpass and Aruba controllers, but how can I forward these on to the SonicWall appliance?
The Clearpass is correctly authenticating AD users and applying the correct user roles, so am happy that is working as expected.
You can't forward on the RADIUS accounting packets. You can defined multiple RADIUS servers in the server group on the controller but the 2nd server only gets used if the 1st server doesn't respond.
Yeah I managed to find a similar post in the end. We have found a way to achieve this though by having the Sonicwall appliance forward on the RADIUS Accounting messages from the WLCs to the CPPM. Still some testing to do, but on the face of it, all would appear to be working as expected.
Wondering if you could share your experiance in here of what configuration you did on Sonicwall or you controllers in order for Sonicwall to see the Wireless users as authenticated users.
Thanks for your reply, I have defined our Sonicwall into WLC 5508 as accounting Server, and defined the same configuration in Sonicwall as well, but I can't get it working :)
Yes, I have tried this method and watched couple of youtube vidoes, but not luck :) And my configuration it looks the same how it listed in the KB artical.
In ArubaOS 6.4 you can define multiple RADIUS accounting servers so this would also get around the problem.
it's 220.127.116.11375 - CP-HW-5K
Sonicwall Version NSA E-Class 6600 Firmware version: SonicOS Enhanced 18.104.22.168-14n
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.