Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass w/ Juniper for dot1x

  • 1.  Clearpass w/ Juniper for dot1x

    Posted Sep 15, 2020 01:59 AM

    Hi There,

     

    I'm trying to get 802.1x mac-radius working with Clearpass & a Juniper EX2200 switch and am not seeing any requests hit the Clearpass monitor logs. 

     

    I've followed this guide https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce157-example-aruba-dot1x-mac.html

     

    I've attached the log output & config of the switch.

     

    Thanks in advance.

    Attachment(s):
    dot1x_test_switch.txt (10 KB)
    JunOS_Dot1x_Log.txt (13 KB)


  • 2.  RE: Clearpass w/ Juniper for dot1x

    Posted Sep 15, 2020 06:44 PM

    Two suggestions: check in the event viewer... This scenario is typically because the NAD is not defined on CPPM, either as a host/range/subnet.

    If a dot1X authN is hitting CPPM and the above is true, then it will, as you correctly point out, NOT show in AT but should show in the event viewer.



  • 3.  RE: Clearpass w/ Juniper for dot1x

    Posted Sep 17, 2020 03:16 AM

    Hi Danny,

     

    Thanks for the reply. 

     

    That's the strange bit, I don't get any errors in the event viewer & the device is configured using its host IP.

     

    I've set up a new "device" for the entire subnet and I still don't get a hit in the activity logs.

     

    Any further suggestions?



  • 4.  RE: Clearpass w/ Juniper for dot1x

    Posted Sep 17, 2020 07:59 AM

    What is the RADIUS source IP configured on the switch?

    This is the command:

    set access radius-server [CLEARPASS-SERVER-IP] source-address [SWITCH-IP]





    Thank you

    Victor Fabian

    Pardon typos sent from Mobile



  • 5.  RE: Clearpass w/ Juniper for dot1x

    Posted Sep 17, 2020 07:12 PM

    Hi Victor,

     

    Thanks for the reply! 

     

    access {
        radius-server {
            192.168.2.95 {
                port 3799;
                secret "$9$s22gJUjqTF/wYgJ"; ## SECRET-DATA
                source-address 192.168.1.8;
            }
        }
        profile Aruba-Test-Profile {
            authentication-order radius;
            radius {
                authentication-server 192.168.2.95;
                options {
                    nas-identifier 192.168.2.95;
                }
            }
            accounting {
                order radius;
            }
        }
    }
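
Added example (not part of the thread and not written by any poster): a small Python lint for a Junos `access` stanza like the one posted above. It flags a RADIUS server whose `port` is 3799 (the RFC 5176 CoA port) rather than 1812 (the RFC 2865 authentication port), and a `nas-identifier` that repeats the server's address. The function names and the embedded sample are constructed for illustration, and it assumes the RADIUS server listens for authentication on the standard port.

```python
RADIUS_AUTH_PORT = 1812  # RFC 2865 Access-Request port
RADIUS_COA_PORT = 3799   # RFC 5176 dynamic authorization (CoA/Disconnect) port
# Constructed sample mirroring the stanza posted in the thread (secret line omitted).
SAMPLE = """
access {
    radius-server {
        192.168.2.95 {
            port 3799;
            source-address 192.168.1.8;
        }
    }
    profile Aruba-Test-Profile {
        radius {
            authentication-server 192.168.2.95;
            options {
                nas-identifier 192.168.2.95;
            }
        }
    }
}
"""

def parse_leaves(text):
    """Flatten a Junos curly-brace config into (path tuple, value) pairs."""
    path, leaves = [], []
    for raw in text.splitlines():
        line = raw.split("##")[0].strip()  # drop annotations such as ## SECRET-DATA
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}" and path:
            path.pop()
        elif line.endswith(";"):
            key, _, value = line[:-1].partition(" ")
            leaves.append((tuple(path) + (key,), value.strip()))
    return leaves

def lint_radius(text):
    """Return findings for RADIUS server settings worth a second look."""
    leaves, servers, findings = parse_leaves(text), {}, []
    for path, value in leaves:
        if len(path) == 4 and path[:2] == ("access", "radius-server"):
            servers.setdefault(path[2], {})[path[3]] = value
    for ip, opts in servers.items():
        if int(opts.get("port", RADIUS_AUTH_PORT)) == RADIUS_COA_PORT:
            findings.append(f"{ip}: port {RADIUS_COA_PORT} is the CoA port; authentication uses {RADIUS_AUTH_PORT}")
    for path, value in leaves:
        if path[-1] == "nas-identifier" and value in servers:
            findings.append(f"nas-identifier {value} is the server address, not a name for the switch")
    return findings
```

Calling `lint_radius(SAMPLE)` returns two findings for the sample; a stanza using port 1812 and a switch-specific `nas-identifier` returns an empty list.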