Security

Hi,

I'm finding that Clearpass is being bombarded by our two controllers.

And the following from one of the controllers when I do a 'show log all | include 10.0.35.81'

Nov 15 10:23:36  authmgr[3945]: <522275> <ERRS> |authmgr|  User Authentication failed. username=001a1e01cfa0 userip=0.0.0.0 usermac=00:1a:1e:01:cf:a0 authmethod=MAC servername=clearpass01 serverip=10.0.35.81 apname= bssid=01:80:c2:00:00:03
Nov 15 10:23:36  authmgr[3945]: <522275> <ERRS> |authmgr|  User Authentication failed. username=001a1e01cfa0 userip=0.0.0.0 usermac=00:1a:1e:01:cf:a0 authmethod=MAC servername=clearpass01 serverip=10.0.35.81 apname= bssid=01:80:c2:00:00:03

001a1e01cfa0 and 001a1e01cf58 are the MAC address of both controllers.

Any ideas on what might be causing this?

Cheers

Shaun

Hi Tim,

Yeah I have one VLAN untrusted with my clearpass aaa profile assigned to it for captive portal which works fine but since configuring wired access I get all of these errors now.

What are your thoughts?

Cheers

Shaun

The message on the controller means that a device with that mac address was seen incoming on an untrusted port/vlan that has MAC authentication enabled. It could be that you have an L2 loop in your network that feeds traffic from the controller back in, or you have VRRP enabled on an untrusted interface.

Probably best is to find out where this traffic is coming from and check how to best resolve that in your design. If you don't have the troubleshooting skills, please contact your partner or Aruba TAC as having an understanding of how untrusted ports/vlans and authentication works in the Aruba controller is highly recommended to find a proper solution.

.