Security

Aruba releases ClearPass posture and profile data updates online and ClearPass servers check for these updates on an hourly basis.

Version 1.48743, which was released today, had caused the policy service to crash causing authentication issues.

Aruba has released an updated version, 1.48751, which has resolved the issue.

Please ensure that the update is installed and the policy service is running on all the nodes in the cluster by following steps below:

• To install AV/AS Update version 1.48751, navigate to ClearPass Policy Manager GUI: Administration >> Agents and Software Updates >> Software Updates page and click on "Check Status Now".
• Navigate to  Administration >> Server Manager >> Server Configuration >> {{server name}} >> Services Control. Ensure that the "Policy Server" service is running. If it is stopped, click the Start button.

NOTE: Admin authentication to ClearPass UI with non-local admin account will fail, if the policy server is down. Use a local admin account (Administration >> Users and Privileges >> Admin Users) to access the WEB UI or or start the policy server from CLI to gain access.

To restart policy server from CLI, please SSH to the ClearPass server using appadmin account and execute the below command.

service restart cpass-policy-server

Note: All ClearPass servers that are online would have already been updated to the lastest AV/AS version - 1.48751, without user intervention. You may just need to start the policy server to fix the issue.

Hi Saravanan,

I have a query:

I have done 802.1x authentication using EAP-PEAP-MSCHAv2 using Aruba ClearPass as the Authentication server and Aruba Mobility Controller.

I integrated my AD with the ClearPass and downloaded the certificate from AD CS to the controller. I gave default enforcement profile and enforcement Policy.

Authentication is working fine and i could see in  the access tracker that the domain PC is authenticated.

But the problem is i dont have PEFNG Licensce in my controller and as a result i cannot create a user role in my Aruba Controller. So after authentication i can see that  the users are falling to GUEST Role and these users are not able to access internal servers or share folders or internet.

They can ping the internal Resources but not able to access it.

What might be causing issue?

Is there any way to create a user role and access lists for this user in the Aruba ClearPass and enforce it on the 802.1X SSID?? so that i can get away without purchasing the PEFNG License.

Any suggestions or advices would be really helpul as my manager is my eating my head over this.

Thank you.

Hi Tim,

Sorry.

I've been trying to start a new thread for past 1 hour but i can't see the options to start a new thread anywhere.

Can you just help me out with this?

Thank you.

Hi Tim,

Finally i opened a new thread.

Can you help me out with this one as my Manager is eating my head.

Below is the link to my thread:

http://community.arubanetworks.com/t5/Community-Feedback/The-Users-are-falling-under-GUEST-ROLE-after-802-1X/td-p/310847

Thank You.