View Only
last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass - proxy servers status check

This thread has been viewed 14 times
  • 1.  ClearPass - proxy servers status check

    Posted Apr 09, 2024 04:54 AM



    Pub and standby pub + 4 subscribers

    Is there an way to check whether ClearPass thinks a FreeRADIUS server that it proxies to is up or down?

    We recently had some disruptive router works done, we had to failover our ClearPass cluster to our B site and then back again and rebuilding the cluster was a little problematic. Two of the ClearPass subscribers (when re-added to the cluster) started filling up with Proxy event messages marking the two FreeRADIUS servers as down (and auths looked to be failing). We took those two ClearPass boxes out of the AOS server group so are no longer sending requests to them. The logs stopped filling with messages but I'm not sure whether that is just because we have stopped sending messages, or whether they have now marked the FR servers as up.

    How does ClearPass ascertain whether a peer is up or not? Is that info easily viewable?




  • 2.  RE: ClearPass - proxy servers status check

    Posted Apr 09, 2024 08:52 AM

    Proxy operation is set with the Proxy section of the per-server service parameters.  ClearPass is behaving the same against a proxy target as a NAS acts against ClearPass, sending a request and waiting for a reply, successive failures (i.e., "maximum retry count") will result in the target being marked as dead for a period of time.

    Carson Hulcher, ACEX#110

  • 3.  RE: ClearPass - proxy servers status check

    Posted Apr 14, 2024 03:35 AM

    Thanks Carson,

    Apologies for the slow response. Does ClearPass send 'test' requests periodically automatically? Or is that something we need to set up? 


  • 4.  RE: ClearPass - proxy servers status check
    Best Answer

    Posted Apr 15, 2024 10:01 AM

    I've not seen any options in ClearPass for active monitoring of an external RADIUS server.

    Carson Hulcher, ACEX#110