Cloud Managed Networks

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

Do you see any errors or messages related to the role download in the CX switch logging?

You probably should start by changing the IP addresses (10.16.20.31/32) to the FQDN which should be resolvable in DNS or through a ip dns host statement in your switch.

The switch will reach out to your ClearPass and the ClearPass HTTPS server certificate should match the fqdn and should be issued by the root CA that you imported as trust anchor. It's likely that the IP address is not part of the ClearPass server certificate and the SSL/HTTPS connection to download the certificate will not even come up. That should be logged as well in the switch.

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

Do you see any errors or messages related to the role download in the CX switch logging?

You probably should start by changing the IP addresses (10.16.20.31/32) to the FQDN which should be resolvable in DNS or through a ip dns host statement in your switch.

The switch will reach out to your ClearPass and the ClearPass HTTPS server certificate should match the fqdn and should be issued by the root CA that you imported as trust anchor. It's likely that the IP address is not part of the ClearPass server certificate and the SSL/HTTPS connection to download the certificate will not even come up. That should be logged as well in the switch.

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

Do you see any errors or messages related to the role download in the CX switch logging?

You probably should start by changing the IP addresses (10.16.20.31/32) to the FQDN which should be resolvable in DNS or through a ip dns host statement in your switch.

The switch will reach out to your ClearPass and the ClearPass HTTPS server certificate should match the fqdn and should be issued by the root CA that you imported as trust anchor. It's likely that the IP address is not part of the ClearPass server certificate and the SSL/HTTPS connection to download the certificate will not even come up. That should be logged as well in the switch.

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

Do you see any errors or messages related to the role download in the CX switch logging?

You probably should start by changing the IP addresses (10.16.20.31/32) to the FQDN which should be resolvable in DNS or through a ip dns host statement in your switch.

The switch will reach out to your ClearPass and the ClearPass HTTPS server certificate should match the fqdn and should be issued by the root CA that you imported as trust anchor. It's likely that the IP address is not part of the ClearPass server certificate and the SSL/HTTPS connection to download the certificate will not even come up. That should be logged as well in the switch.

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

So i change the ACL to port numbers instead of https/http/dns and that seemed to work. stange coz in local user role, when i do the https/http/dns instead of port numbers it still works. 

Do you see any errors or messages related to the role download in the CX switch logging?

You probably should start by changing the IP addresses (10.16.20.31/32) to the FQDN which should be resolvable in DNS or through a ip dns host statement in your switch.

The switch will reach out to your ClearPass and the ClearPass HTTPS server certificate should match the fqdn and should be issued by the root CA that you imported as trust anchor. It's likely that the IP address is not part of the ClearPass server certificate and the SSL/HTTPS connection to download the certificate will not even come up. That should be logged as well in the switch.

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing? 

I would also recommend to use recent software versions as in CX a lot of progress is taking place regarding all kinds of features but especially for port authentication! 

Hi trying to configure a dowloadable user role

clearpass version 6.9.13

swtich 6300F version 10.07.0030

here's my switch and clearpass config. It works on local user role but the downloadble does not get pushed to the switch. Anything I'm missing?