Security

  • 1.  How to confirm Radius Shared Secret

    Posted Jan 25, 2021 07:24 PM

    Hello,

    I have a remote office with two 7210 controllers that use the Clearpass server in my office for authentication.  One of their users is attempting to log in to their wifi and can't connect.  When I look at the Access Tracker in Clearpass 6.7 I don't see any failed attempts like I have in the past for their site.  I have a successful ping connection from Clearpass to their controllers but if I look under Configuration > Network > Devices both of their controllers specify a RADIUS Shared Secret. 

    My next troubleshooting step is confirming that Clearpass and their controllers are communicating correctly with a successful RADIUS Shared Secret.  (I have a lot of passwords from the previous admin so I don't want to remove anything and retype in the password until I confirm it's working or not with its current config).

    Any ideas?

    Thanks,

    Cory



    ------------------------------
    C
    ------------------------------


  • 2.  RE: How to confirm Radius Shared Secret

    Posted Jan 25, 2021 07:55 PM
    Anything under Event Viewer?

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 3.  RE: How to confirm Radius Shared Secret

    Posted Jan 25, 2021 08:04 PM

    Hi Danny, looking through the Event Viewer there is also no indication here that they are attempting to authenticate to the server.

    Any idea how I can test the Clearpass to Controller beyond just a ping test?  I was looking around for something that would "test connection" or something that I could confirm my Radius Shared secret is correct.

    I have other devices using Clearpass to authenticate.  Do you know if the Radius Shared Secret is the same for all devices or is each device unique with its own password?

    Thanks again!



    ------------------------------
    C
    ------------------------------



  • 4.  RE: How to confirm Radius Shared Secret

    Posted Jan 25, 2021 09:41 PM
    Radius shared-secret can be same for all NADs or unique, completely up to you. To test the Ctrl to CPPM you could try this:

    https://www.arubanetworks.com/techdocs/ArubaOS_81_Web_Help/Content/ArubaFrameStyles/AAA_Servers/Testing_Configured_Auth_Server.htm


    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 5.  RE: How to confirm Radius Shared Secret
    Best Answer

    Posted Jan 26, 2021 05:42 AM
    If you have no indication in the Access Tracker, and no indication in the Event Viewer, it is very likely that your RADIUS request does not reach the ClearPass. If you have a CPPM Cluster with subscribers, make sure that you configure Access Tracker to view all nodes that may receive the RADIUS request.

    If the packet arrives at ClearPass, you should see either in the Event Viewer if the shared secret is incorrect or in Access Tracker in other cases.

    When I see no entries in Access Tracker and Event Viewer, I use the Collect Logs under the Server Manager to do a packet capture on the ClearPass server and you can see/prove if the request packets arrive at all. If the request does not arrive at the ClearPass server, check your controller/switch/AP that should be sending it, routing on there, and possible firewalls in between.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
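
    One way to check a candidate shared secret against the packet capture described above, without retyping anything on the controller or ClearPass (an added example, not part of the original post and not Aruba code). It assumes the raw RADIUS payload bytes have already been extracted from the capture; the function names are hypothetical and the sample packet is constructed. A request that carries no Message-Authenticator cannot be checked on its own, so that case returns `None` and the matching response is checked instead.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type


def parse_attributes(packet: bytes):
    """Yield (type, value_offset, value) for each attribute in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen


def request_secret_matches(request: bytes, secret: bytes):
    """True/False if the Message-Authenticator verifies; None if it is absent."""
    length = struct.unpack("!H", request[2:4])[0]
    for atype, off, value in parse_attributes(request):
        if atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            # HMAC-MD5 over the whole packet with the attribute value zeroed.
            zeroed = request[:off] + bytes(16) + request[off + 16:length]
            digest = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(digest, value)
    return None


def response_secret_matches(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Check the Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    length = struct.unpack("!H", response[2:4])[0]
    body = response[:4] + request_auth + response[20:length] + secret
    return hmac.compare_digest(hashlib.md5(body).digest(), response[4:20])


def build_sample_request(secret: bytes) -> bytes:
    """Constructed Access-Request (not a real capture) used to exercise the checks."""
    attrs = bytes([1, 10]) + b"testuser" + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16))
    pkt = header + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac
```

    If no request shows up in the capture at all, neither check applies: the problem is upstream of the shared secret, on the sending device or the path to ClearPass.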



  • 6.  RE: How to confirm Radius Shared Secret

    Posted Jan 26, 2021 02:30 PM

    Hi Guys,

    Thanks again for your suggestions.  I worked with the admin of the controller and he found the AAA config under Server Group had gone missing.  He re-added the config to point to the Clearpass server and I am seeing authentication requests again.



    ------------------------------
    C
    ------------------------------