Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and Juniper controller

  • 1.  ClearPass and Juniper controller

    Posted Apr 21, 2014 07:35 PM

    Hi All,

     

    I have CPPM 6.3. My wireless is Juniper and the controller is Juniper 880R running code 8.0.3.

    When I create a new SSID for guest and point it to the web portal I created on CPPM and have a machine connect to that SSID, the connection is successful (VLAN working fine) and it gets an IP from the guest subnet, but it fails to redirect anywhere!!

    I get "requested server not found due to DNS timeout"

    When I connect to any other SSID on the network and I navigate to my CPPM web portal, I can go there with no issues.

    On the Juniper controller, by default there is an access list for the guest SSID that only allows UDP from BOOTP client port 68 to destination BOOTP server port 67. Unfortunately this ACL does not work with CPPM. I assume that the CPPM BOOTP server port is not 67!!

    Any help is really appreciated.



  • 2.  RE: ClearPass and Juniper controller

    Posted Apr 23, 2014 12:42 PM

    I called support on this and they weren't that helpful. For some odd reason they told me that I need an Aruba controller with a valid support contract in order for them to help me!! I find this odd because there is no Aruba controller involved in the setup; it is Juniper and ClearPass. They emailed me a list of ACLs that are usually on AOS for ClearPass traffic. I wasn't able to make sense of these ACLs because I'm on a Juniper controller.

    Still waiting for some input.



  • 3.  RE: ClearPass and Juniper controller

    Posted May 06, 2014 07:17 AM

    Not sure if you still have this issue, but I would just contact support again and provide your ClearPass serial number and explain this issue again.

    For the rest, it sounds like you need to modify your ACL to allow DNS and HTTP(S) to the ClearPass.



  • 4.  RE: ClearPass and Juniper controller

    MVP
    Posted Mar 16, 2017 06:47 AM

    Did you ever get this resolved, and if so, do you remember how?

    Got the exact same issue.

    Both Aruba and Juniper controllers with ClearPass portals.

    Aruba works fine (of course).

    When connecting via the Juniper, however, I always get that same error (error 504 - the requested server was not found due to DNS timeout).

    The thing is.. the client PC can resolve the ClearPass hostname without problem! ACL allows DNS and HTTP(S) to ClearPass.

    When I replace the hostname with the IP address, all works fine.

    I'm really curious as to what exactly is spewing this error. Not the client, since it can resolve just fine. I'm guessing the Juniper WLC itself, which would be weird as well, as it is configured with correct DNS info.

    More weird stuff.. even when I configure the Juniper web portal login page to use an IP address it spews this error?!

    EDIT (solution): within the wireless service the web-portal ACL is configured. Make sure to allow DNS and ClearPass here. Customer had replaced this ACL :(