AirGroup configuration with Enforce ClearPass registration
06-14-2019 10:58 AM
I have a production environment with Aruba 7240 Controllers running 188.8.131.52 code and using clearpass for authentication. We currently have device registration set up for users to register devices within ClearPass and connect them to the guest wireless.
We want to turn on Airgroup with ClearPass to allow users to register devices and share with users as well as allow the mDNS things like chromecast and airplay etc.
I already have the controllers and mm set up as NADs within ClearPass and normal authentications are successful. When I set up the Airgroup Profile on the MM for the needed services, select Airgroup server enforce registration and set the Airgroup ClearPass to our current ClearPass group, I am seeing authentication errors in the event viewer of ClearPass. The error message is indicating that the PSK (IP address of MM) is wrong, but I have normal RADIUS authentications that are successful from this same device.
I have the MM defined as an Airgroup controller on the CPPM guest side with that same PSK as well.
Just wondering if anyone has any pointers on this one? Since this is in production, I cant go reset the PSK on the NAD in CPPM unless we set a maintenance window.
Re: AirGroup configuration with Enforce ClearPass registration
07-17-2019 01:34 AM
Sounds strange. if you look at the "Access Device IP/Port" in access tracker details pop up, do you see that the IP address is same for the working and non working requests?
Would you be able to share a packet capture of working and non working RADIUS requests?