Security

Hi community,

I'm trying to work on an existing CPPM and Controller setup, but having some authentication issues. I'm not seeing any requests in Access Tracker or in the Event Viewer logs for the controller sending a MAC Auth request for a client. It appears as if the traffic isn't reaching clearpass. I did a packet capture on CPPM to verify, and did get the request:

I see the initial request, and when I dive into the RADIUS portion, it has the MAC address as username. I then see an ICMP attempt, which fails. Then a retry from the controller and so on. 

If I manually run a ping from CPPM (same interface) to the same controller, it is successful.

Whats the difference between the ICMP traffic during the RADIUS request and the ICMP traffic when doing a regular ping command? Why would one work and the other doesn't?

Also, logs on the controller show RADIUS server timeout, no response from server for the MAC auth.

Controller is .240 and ClearPass is .127

We have both configured, but its all going through management.

We identified the problem - The RADIUS Server service in ClearPass had been stopped, for an unknown reason. This CPPM server is in a demo environment and had not been used for months. Not sure when it stopped, but that was the cause. We started it and got authentication requests immediately.

Thanks for the help.

When you upgrade the server certificate, you have to restart the radius server service manually...

That is interesting, that very well may have been what happened. I wasn't aware of that, thanks for the info!