Security

Reply
Occasional Contributor II

AirGroup configuration with Enforce ClearPass registration

I have a production environment with Aruba 7240 Controllers running 8.2.0.4 code and using clearpass for authentication.  We currently have device registration set up for users to register devices within ClearPass and connect them to the guest wireless.  

 

We want to turn on Airgroup with ClearPass to allow users to register devices and share with users as well as allow the mDNS things like chromecast and airplay etc.  

 

I already have the controllers and mm set up as NADs within ClearPass and normal authentications are successful.  When I set up the Airgroup Profile on the MM for the needed services, select Airgroup server enforce registration and set the Airgroup ClearPass to our current ClearPass group, I am seeing authentication errors in the event viewer of ClearPass.  The error message is indicating that the PSK (IP address of MM) is wrong, but I have normal RADIUS authentications that are successful from this same device.

 

I have the MM defined as an Airgroup controller on the CPPM guest side with that same PSK as well.  

 

Just wondering if anyone has any pointers on this one?  Since this is in production, I cant go reset the PSK on the NAD in CPPM unless we set a maintenance window.

 

Thanks!!

Occasional Contributor II

Re: AirGroup configuration with Enforce ClearPass registration

Sounds strange. if you look at the "Access Device IP/Port" in access tracker details pop up, do you see that the IP address is same for the working and non working requests?

 

 

Would you be able to share a packet capture of working and non working RADIUS requests?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: