Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass local RADIUS server

  • 1.  ClearPass local RADIUS server

    Posted Feb 11, 2013 04:06 PM

    I was trying to set up a simple configuration with ClearPass as the RADIUS server using a local database. I just want to create a local RADIUS user in ClearPass and have a specific SSID point to the ClearPass IP to authenticate the user. By default the ClearPass evaluation isn't listening on the RADIUS ports, and I configured a RADIUS service, but that didn't seem to do anything. Can ClearPass be a RADIUS server, and where are the RADIUS configurations?



  • 2.  RE: ClearPass local RADIUS server

    Posted Feb 12, 2013 11:27 PM

    By default, ClearPass should be using 1812/1813 for authentication & accounting. You can verify this under:

     

    Administration > Server Manager > Server Configuration

    Click on the server to take you to the server's configuration details.

    Then, click on the Service Parameters tab.

    Look for the drop-down menu at the top and select Radius server.

    You should see all of the details for the Radius service.

     

    When you open Access Tracker under Monitoring, do you see the authentication request being made?  If so, click on it.

    In the window that popped up, look at the bottom half and you'll see Policies Used.  Is the line right below, Service: , blank or does it contain the name of the service you created?



  • 3.  RE: ClearPass local RADIUS server

    Posted Feb 15, 2013 11:09 AM

    Thanks for the info. ClearPass was listening on the RADIUS ports by default; the problem was I executed a port scan, but the port scan only lists TCP ports, not UDP, so that was my mistake. I did check Access Tracker under Monitoring and I'm getting some RADIUS errors, so I'm not all the way there, but close.

     

    Bob 
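
Added example (not part of the thread, and not ClearPass or Aruba code): because a TCP port scan says nothing about UDP 1812, one way to confirm that a RADIUS server answers is to send it a real Access-Request and validate the reply. It assumes PAP, a shared secret already configured on the server for the sending host, and constructed host, user and secret values.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "accept", 3: "reject", 11: "challenge"}

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth):
    """Access-Request with User-Name, User-Password and Message-Authenticator."""
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (1, user), (2, hide_password(password, secret, req_auth)), (80, bytes(16))))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    # Message-Authenticator (type 80) is HMAC-MD5 over the packet with its value zeroed.
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def reply_is_authentic(reply, ident, req_auth, secret):
    """Response Authenticator = MD5(code, id, length, request auth, attrs, secret)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(host, user, password, secret, port=1812, timeout=3.0):
    """Send one Access-Request over UDP and classify what comes back."""
    req_auth, ident = os.urandom(16), os.urandom(1)[0]
    pkt = build_access_request(user, password, secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(pkt, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return "no-reply"
    if not reply_is_authentic(reply, ident, req_auth, secret):
        return "bad-reply"  # answered, but validation failed (e.g. wrong shared secret)
    return CODES.get(reply[0], "other")

if __name__ == "__main__":
    # Constructed values: documentation address, test user and shared secret.
    print(probe("192.0.2.10", b"testuser", b"testpass", b"sharedsecret"))
```

A `no-reply` result does not prove the service is down: per RFC 2865, a server silently discards requests from clients for which it has no shared secret.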



  • 4.  RE: ClearPass local RADIUS server

    EMPLOYEE
    Posted Feb 16, 2013 05:03 PM

    @rgarlin wrote:

    Thanks for the info. ClearPass was listening on the RADIUS ports by default; the problem was I executed a port scan, but the port scan only lists TCP ports, not UDP, so that was my mistake. I did check Access Tracker under Monitoring and I'm getting some RADIUS errors, so I'm not all the way there, but close.

     

    Bob 




     

    Please see the video in the post here:  http://community.arubanetworks.com/t5/Technology-Blog/Watch-Advanced-quot-How-To-quot-Videos-on-Configuring-ClearPass/ba-p/41420



  • 5.  RE: ClearPass local RADIUS server

    Posted Feb 21, 2013 02:01 PM

    I have the local database working within ClearPass, but I'm now having problems using LDAP as the authentication source. Since it's using LDAP and not AD for testing, I was using PEAP and EAP GTC as the inner method. On the wireless controller, I have those 2 authentication methods selected below Security -> L2 Authentication -> 802.1x Auth profile. In ClearPass I created a new Authentication Method with EAP-PEAP as the type and EAP GTC as the inner method. My client has Authentication as PEAP and the inner authentication as GTC, but I still get the following error in ClearPass:

     

    PAP: User password not available
    EAP-GTC: Authentication failed

     

    I'm sure what could be configured incorrectly. 

     

    Bob 



  • 6.  RE: ClearPass local RADIUS server

    Posted Feb 16, 2013 12:00 PM
    Post back if you need assistance.