Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Authentication source failover not working

This thread has been viewed 4 times

  • 1.  Authentication source failover not working

    Posted Mar 20, 2020 05:51 PM

    Hello Team, 

    Running into a weird case, 

    I have a token server proxy added as a source of authentication along with a backup proxy (BACKUP1)

    for redundancy test purposes, I turned off the main duo proxy machine in order to terminate authentications automatically into the backup, but authentications failed, 

    taking a clearpass pcap file and looks that cppm is sending radius request to the main  proxy and not failing over the the second one, 

    did i miss something?

     

    CPPM 6.8.3



  • 2.  RE: Authentication source failover not working

    Posted Mar 21, 2020 03:56 AM

    hi please could you share some config screens of cppm



  • 3.  RE: Authentication source failover not working
    Best Answer

    Posted Mar 23, 2020 09:38 PM

    This is to let everyone know that this is expected behavior,

    below feedback from Aruba TAC: 

    When the primary server goes down, Clearpass comes to know the connection failure while validating an authentication request. Hence, it is expected behavior that the first authentication would be failed and subsequent immediate requests would be sent to the backup server.