I am trying to get radius authentication working with clearpass nac solution (mac based only). I am using 6200 cx switch managed thru aruba central.
It works as expected initially. after few hours or for new client authentication on the same port. I am seeing radius authentication error with the following message in clearpass "Failed to decode RADIUS packet - Received packet from <nas-ip> with invalid Message-Authenticator! (Shared secret may be incorrect.). re adding the radius key under the clearpass "devices tab" seems to mitigate the issue. however it re occurs as soon as we connect new client under same port.
Switch configs:
radius-server host 10.0.0.1 key ciphertext <XXXXX>
radius-server host 10.0.0.2 key ciphertext <XXX>
!
!
aaa group server radius cluster_1
server 10.0.0.1
server 10.0.0.2
!
!
radius dyn-authorization enable
aaa configs are applied at interface level too
Has anyone faced this issue ? I have few sites running fine on AOS-S switch so I am leaning towards Aruba CX switch and central configuration.
Any suggestions ? I am running 10.13.1005 version
------------------------------
Thanks,
AK
------------------------------