  • 1.  CX switching not working with ClearPass

    Posted Sep 22, 2024 07:37 PM

    I have added a CX 6200 to clearpass and I am getting this message in clearpass when testing 802.1x wired:

    Failed to decode RADIUS packet - Received packet from 192.168.8.100 with invalid Message-Authenticator! (Shared secret may be incorrect.)

    I have set the key multiple times to aruba123 or testing123. The key is 100% matching. The IP of the switch is in fact 192.168.8.100 and that is the IP listed in clearpass.

    Am I missing a config? Here is what I have on CX:

    radius-server host 172.20.137.126 key ciphertext AQBapUxmadNYB4Glls/U2YySWfFdTyZPi8hN7phvJ75Ze53gCgAAAEYOx3n2SfR4YF0=
    radius-server host 172.20.137.126 vrf mgmt
    aaa group server radius clearpass
        server 172.20.137.126 vrf mgmt
    radius dyn-authorization enable

    aaa authentication port-access dot1x authenticator
        radius server-group clearpass
        enable
    aaa authentication port-access mac-auth
        enable



  • 2.  RE: CX switching not working with ClearPass
    Best Answer

    Posted Sep 22, 2024 09:06 PM

    I switched the design to use an in-band vlan as the source and now it works. I updated the device IP in Clearpass and then removed the vrf mgmt command from the CX commands and now it all works. I feel like something is wrong when vrf mgmt is the source. I did not even update the key at all.
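
Added example, not part of either post: RFC 2869 defines the check behind the "invalid Message-Authenticator" error as an HMAC-MD5 over the whole Access-Request, keyed with the shared secret, with the attribute's 16-byte value zeroed. The Python sketch below runs that check on a constructed packet and reports which of the two secrets named in the question the sender used; the function names and the sample packet are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def build_access_request(secret: bytes, user: bytes, ident: int = 1) -> bytes:
    """Constructed sample: Access-Request with User-Name + Message-Authenticator."""
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MSG_AUTH, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(range(16))
    pkt = bytearray(header + attrs)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def check_message_authenticator(pkt: bytes, secret: bytes) -> bool:
    """Recompute the HMAC the way a RADIUS server does and compare."""
    length = struct.unpack("!H", pkt[2:4])[0] if len(pkt) >= 20 else 0
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length field")
    pkt, pos = pkt[:length], 20
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == MSG_AUTH:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 bytes")
            received = pkt[pos + 2:pos + 18]
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    raise ValueError("no Message-Authenticator attribute present")

def matching_secret(pkt: bytes, candidates):
    """Return the first candidate secret that validates the packet, else None."""
    for secret in candidates:
        if check_message_authenticator(pkt, secret):
            return secret
    return None

if __name__ == "__main__":
    sample = build_access_request(b"testing123", b"alice")  # constructed packet
    print(matching_secret(sample, [b"aruba123", b"testing123"]))
```

Fed the raw bytes of an Access-Request captured on the server side, `matching_secret` shows whether the switch signed the packet with the secret the server holds for that source IP or with some other value.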