Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Changing RADIUS auth and acct ports for a particular service

This thread has been viewed 0 times

  • 1.  Changing RADIUS auth and acct ports for a particular service

    Posted Feb 04, 2020 10:20 AM

    Hi,

     

    I want one of my CPPM services to listen on a different port number for RADIUS auths and accts. I tried adding a match condition on the service for 'Connection' 'Dest-Port' 'EQUALS' '<new port number>' but this doesn't seem to be working. Is it possible to do this or am I on the wrong path?

     

    Thanks

    Guy



  • 2.  RE: Changing RADIUS auth and acct ports for a particular service

    EMPLOYEE
    Posted Feb 04, 2020 11:21 AM

    Does match condition is set to ALL or ANY? and also radius request will hit this services only if radius request is going to that Destination Port number.

     

    Best option is open any Access tracker log entry and go to Radius Request tab and look for variable which matches your requimrent and try set that value in service rule.



  • 3.  RE: Changing RADIUS auth and acct ports for a particular service

    Posted Feb 05, 2020 06:58 AM

    On the controllers (AOS8.4.0.4) the auth servers are all using the non-standard port numbers.

     

    On CPPM it is set to match ALL on the essid and the Connection Dest-Port (I did as you suggested and checked that this looked like the right attribute).

     

    The service is actually a RADIUS proxy, so we are just punting these requests off to our existing FreeRADIUS servers (we'll start moving auth down to ClearPass soon but for now everything is just proxied through).