New Contributor

Clearpass w/ Juniper for dot1x

Hi There,

I'm trying to get 802.1x mac-radius working with Clearpass & a Juniper EX2200 switch and am not seeing any requests hit the Clearpass monitor logs.

I've followed this guide https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce157-example-aruba-dot1x-mac.html

I've attached the log output & config of the switch.

Thanks in advance.

Moderator

Re: Clearpass w/ Juniper for dot1x

Two suggestions: check in the event-viewer. This scenario is typically because the NAD is not defined on CPPM either as a host/range/subnet.

If a dot1X authN is hitting CPPM and the above is true then it will, as you correctly point out, NOT show in AT but should show in the event-viewer.


Best Regards
-d

ClearPass Product Manager

New Contributor

Re: Clearpass w/ Juniper for dot1x

Hi Danny,

Thanks for the reply.

That's the strange bit, I don't get any errors in the event viewer & the device is configured using its host IP.

I've set up a new "device" for the entire subnet and I still don't get a hit in the activity logs.

Any further suggestions?

MVP Expert

Re: Clearpass w/ Juniper for dot1x

What is the radius source IP configured on the switch?

This is the command:

set access radius-server [CLEARPASS-SERVER-IP] source-address [SWITCH-IP]

Thank you

Victor Fabian

Pardon typos sent from Mobile

Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: Clearpass w/ Juniper for dot1x

Hi Victor,

Thanks for the reply!

 

access {
    radius-server {
        192.168.2.95 {
            port 3799;
            secret "$9$s22gJUjqTF/wYgJ"; ## SECRET-DATA
            source-address 192.168.1.8;
        }
    }
    profile Aruba-Test-Profile {
        authentication-order radius;
        radius {
            authentication-server 192.168.2.95;
            options {
                nas-identifier 192.168.2.95;
            }
        }
        accounting {
            order radius;
        }
    }
}
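
The two checks suggested in the thread (the NAD definition on CPPM and the RADIUS source address on the switch), together with a check of the server port, can be run over the posted stanza. This is an added example, not part of any post in the thread: the function names are hypothetical, the NAD entries passed in are assumed values, and NAD ranges are not handled, only hosts and subnets.

```python
import ipaddress
import re

# radius-server stanza as posted in the thread; the secret is replaced by a placeholder.
POSTED_CONFIG = """
access {
    radius-server {
        192.168.2.95 {
            port 3799;
            secret "<redacted>";
            source-address 192.168.1.8;
        }
    }
}
"""

AUTH_PORTS = {1812, 1645}  # RADIUS authentication (RFC 2865) and the legacy port
COA_PORT = 3799            # RADIUS dynamic authorization / CoA (RFC 5176)

def parse_radius_servers(config):
    """Return {server_ip: {option: value}} for each radius-server entry."""
    servers = {}
    stanza = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S | re.M)
    for ip, body in stanza.findall(config):
        servers[ip] = dict(re.findall(r"^\s*([\w-]+)\s+([^;]+);", body, re.M))
    return servers

def check(config, nad_entries):
    """List findings per server; nad_entries are the host or subnet
    definitions assumed to exist on the RADIUS server side."""
    findings = []
    nets = [ipaddress.ip_network(n, strict=False) for n in nad_entries]
    for ip, opts in parse_radius_servers(config).items():
        port = int(opts.get("port", 1812))  # Junos defaults to 1812 when unset
        if port == COA_PORT:
            findings.append(f"{ip}: port {port} is the CoA port, not an authentication port")
        elif port not in AUTH_PORTS:
            findings.append(f"{ip}: port {port} is not a standard authentication port")
        src = opts.get("source-address")
        if src is None:
            findings.append(f"{ip}: no source-address set")
        elif not any(ipaddress.ip_address(src) in n for n in nets):
            findings.append(f"{ip}: source-address {src} matches no NAD entry")
    return findings
```

With the switch's host IP as the only NAD entry, `check(POSTED_CONFIG, ["192.168.1.8"])` reports the port and nothing else.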
