Security

Reply
Occasional Contributor II

Clearpass Radius Accounting issue

hi everyone,

 

We're using Clearpass v6.7patch5, Aruba Instant v6.5.4.8 and FortiGate v6.0.2.

 

The issue is with Radius Accounting Proxy. Clearpass stops to send the attribute Filter-ID to FortiGate so the user won't get the correct Usergroup configured on the FortiGate unit.

 

I've started a packet capture on FortiGate unit and can see the Radius Accounting hitting the interface, but the attribute is missing.

 

On ClearPass, Live Monitoring > Accounting, I can see the username and after some minutes it's stops. The IAP configured accounting interim update is 2min.

 

I used the Fortinet TechNote and configured only the Accounting Proxy option.

 

Any ideia?


| André Fernandes | ACCP| ACMP | ACSP | CWNA | CCNA |
Contributor I

Re: Clearpass Radius Accounting issue

Hi,

Any solution to this issue? We are having the same problem! We are running ClearPass 6.8. Packet capture at the fortigate network interface shows that ClearPass stops sending the Filter-Id attribute after a few radius interim updates.

 

Occasional Contributor II

Re: Clearpass Radius Accounting issue

Hi Heraldo!

 

I had a friend that was working with TAC and they suggest the configuration attached.

 

That works for me.


| André Fernandes | ACCP| ACMP | ACSP | CWNA | CCNA |
Contributor I

Re: Clearpass Radius Accounting issue

Hi Andre,

Thanks for the reply!

I will try this configuration and see if it works for me too. Did you have to restart Policy Server after changing this parameter? Did it work for you right after the change was made?

Regards,

Occasional Contributor II

Re: Clearpass Radius Accounting issue

No restart needed and yes, I could see this working right away.


| André Fernandes | ACCP| ACMP | ACSP | CWNA | CCNA |
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: