I know there are many customers using ClearPass for eduroam (or govroam, or publicroam which are similar mechanisms). For RADIUS proxy, I would not rely too much on policy simulation. Do you see in Access Tracker the correct service matched? Do you see the same with an actual request through a wireless SSID eduroam?
Did you register/authorized your ClearPass with the public IP (or NAT) with your federation partner/national eduroam? If the source IP or shared secret doesn't match, the FLR may just drop your incoming requests.
Access Tracker may provide more information (Alert tab, show logs). Also, you could run a packet capture on ClearPass (via Server Manager, Collect Logs) or an upstream device to see if there is a RADIUS packet going out (and maybe coming back).
Your authentication seems that the RADIUS service does not respond, which may be service classification, RADIUS shared secrets, firewall, routing, etc.
Working with your Aruba partner or Aruba TAC may be useful as well, to step by step find where in the process the issue may be and from there troubleshoot more specifically. Eduroam proxy is quite common and should just work if you 'follow the rules' (in ClearPass, routing, firewalls, with your national provider).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 09, 2024 05:39 AM
From: ajorigenes17
Subject: Eduroam with Clearpass
Hello Everyone,
I just want to ask if anyone of you already setup a Eduroam with Clearpass ? it seems that there is no valid documentation for clearpass integration . I just read the documentation from Giant https://archive.geant.org/projects/gn3/geant/services/cbp/Documents/cbp-79_guide_to_configuring_eduroam_using_the_aruba_wireless_controller_and_clearpass.pdf but it seems not updated. if anyone already implement it and you have a step by step guide , may I ask for your guidance. as of now im having trouble in communicating between the FLR server still figuring out why it wont able to reach the FLR (Federal Level Radius server )server and it gives me a radius authentication failed error.