Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass 6.6.5 VM picking up random IP Addresses

This thread has been viewed 0 times

  • 1.  ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 19, 2017 10:18 AM

    Hi, we are running a Cluster on 6.6.5 and after this version was installed yesterday, we have noticed that it is trying to attach itself to another IP Address within the same subnet. We have checked VM Ware and also Clearpass but can't find this random IP Address anywhere. Has anyone else ever had this issue?

    We restarted the Servers and they then chose another random address. Within Clearpass, it is only showing the IP Address of the Publisher, Subscriber and VIP though.

     

    Thanks



  • 2.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    EMPLOYEE
    Posted May 19, 2017 03:26 PM

    Hi,

     

    Have you assigned static IP address to CPPM servers or DHCP ?  I found below KB for vmware which is assigning invalid ip after reboot.

     

    https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2012646

     

    Regards,

    Pavan

     

     



  • 3.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 19, 2017 11:41 PM
    Thanks Pavan, we use static ip addresses but a random ip is appearing on the vm console when we reboot the box. I'll pass that info onto my colleagues and ask them to take a look in the registry.


  • 4.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 23, 2017 09:52 AM

    Thanks, we have found this is something called "Docker0" on CP - it's addresses keep increasing everytime we reboot the VM.

    We've been on a webex with Aruba but they're unable to fix it - can anyone advise? Aruba found the Docker0 from logging in as arubasupport which we don't have access too.

    Does anyone know if this "Docker0" address can be statically assigned?



  • 5.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    EMPLOYEE
    Posted May 23, 2017 10:18 AM

    Could you share Aruba TAC ticket number?

     

    Regards,

    Pavan



  • 6.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 23, 2017 10:15 PM

    So the CPPM docker host IP@ will likely be 172.17.0.1. If you want to stop this, try stopping the Extension Services. This should take this issue away.



  • 7.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 24, 2017 06:47 AM
    @dannyjump wrote:

    So the CPPM docker host IP@ will likely be 172.17.0.1. If you want to stop this, try stopping the Extension Services. This should take this issue away.

    Thanks Danny, is this via APIs? I'm trying to locate the extension services but can't find them

     

    Thanks

    Jo 



  • 8.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    EMPLOYEE
    Posted May 24, 2017 07:06 AM

    Hi,

     

    Login to CLI as appadmin user and stop the service

     

    # service status all  (List all the services)

    # service stop cpass-extensions

     

    Regards,

    Pavan



  • 9.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    EMPLOYEE
    Posted May 24, 2017 07:37 AM
    Are you having any issues because of this?


  • 10.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 24, 2017 11:58 AM
    Hi Tim, Thanks for your reply. Yes, we are having issues as we use the 172.17.x.x/24 range and so every time there is a reload, the docker0 picks another address which is already in use, then if that system reloads, it goes down as CPPM takes the address.


  • 11.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 25, 2017 06:50 AM

    If we can get admin-level help, we could give this a go:

    https://community.arubanetworks.com/t5/Network-Management/AirWave-8-2-3-won-t-talk-to-172-17-0-0-16-addresses/m-p/284075



  • 12.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    EMPLOYEE
    Posted May 25, 2017 06:55 AM

    Ian,

     

    Community link which you shared is for Airwave, stopping extension service will fix docker issue in CPPM, if it does then need to make changes in CLI which need awsupport credentials.

     

    Regards,

    Pavan



  • 13.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 24, 2017 11:54 AM
    Thanks, will try that


  • 14.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 27, 2017 04:43 AM
    @PAVAN wrote:

    Hi,

     

    Login to CLI as appadmin user and stop the service

     

    # service status all  (List all the services)

    # service stop cpass-extensions

     

    Regards,

    Pavan

    Thanks. I tried this and it didn't work. It said the service had stopped, however when I restarted the CPPM, the Docker0 was still showing an increased ip address



  • 15.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 28, 2017 07:42 PM

    So I can get an absolutely and clear understanding, beyond the fact when you reboot CPPM it will restart the Extension service, 'What is the actual issue and how is it affecting you and your ability to run/use-ClearPass?"



  • 16.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 29, 2017 12:31 AM
    Hi Danny,
    The issue is that the range that clearpass is using for the docker0 address is used by other servers. Whenever it decides to increase, it takes an ip that is already in use and when that system restarts after updates, it is no longer connected to the network because clearpass has taken its address. It's not affecting us being able to use clearpass other than we then have to keep restarting it for the addresses to increase past another servers address, but we can't keep doing this.
    I hope this helps explain it

    Regards, jo


  • 17.  RE: ClearPass 6.6.5 VM picking up random IP Addresses
    Best Answer

    Posted May 29, 2017 01:45 AM

    Jo, Thanks for the explanation. Without going into and huge explanation this is something we will be fixing in a future release. 

     

    I'm still not sure how it's effecting other systems as that IP address range is used internally and is NATed out of the MGMT interface when CPPM communicates with external systems.

     

    For now and based upon the fact that ClearPass is not being started/stopped very regularly your solution will be to stop the Extension service if you have to re-start ClearPass. This will remove the 172.17.x.x IP-address range from CPPM.

     

     



  • 18.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 29, 2017 03:37 AM
    Thanks Danny

    Kind regards
    Jo


  • 19.  RE: ClearPass 6.6.5 VM picking up random IP Addresses

    Posted May 24, 2017 06:45 AM
    @PAVAN wrote:

    Could you share Aruba TAC ticket number?

     

    Regards,

    Pavan

    Thanks Pavan, unfortunatley we never seem to be given a TAC number - it all goes through our reseller