Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Error when authenticating admins from Instant AP to Clearpass

  • 1.  Error when authenticating admins from Instant AP to Clearpass

    Posted Sep 29, 2014 01:49 AM

    So following this guide: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-authenticate-IAP-admin-user-against-CPPM-over-TACACS/ta-p/192931

     

    I get an error in the event viewer whenever a TACACS packet has been received.

     

    Authentication failure: shared secret mismatch or bad tacacs packet from device=<snip>

     

    The shared secret has been triple checked as correct. ClearPass is happily accepting RADIUS packets from these IAPs and also has other fully functioning TACACS services, so there doesn't appear to be any configuration issue, and the problem appears to be specific to the Instant AP, which is running version 6.4.0.3. This error occurs regardless of whether the service is enabled or not, so it cannot be a service config issue.

     

    Normally I would go to packet capture at this point but I don't think ClearPass has this facility.

     

    Anyone seen this before?



  • 2.  RE: Error when authenticating admins from Instant AP to Clearpass

    EMPLOYEE
    Posted Sep 29, 2014 01:56 AM

    You can do a packet capture in the server manager. Make sure you have the correct vendor in the network device settings.

     




  • 3.  RE: Error when authenticating admins from Instant AP to Clearpass

    Posted Sep 29, 2014 02:01 AM

    Thanks Troy. Ouch, painful way to capture compared to CLI but I'll give it a go.

     

    The vendor is 'Aruba' even though this is Dell Instant, no option for Dell.

     

    Cheers
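
With a capture of the failing exchange, the two causes named in the error ("shared secret mismatch" versus "bad tacacs packet") can be told apart offline. The following is an added example, not part of the thread and not Aruba code: it applies the RFC 8907 body de-obfuscation to a TACACS+ authentication START packet and checks whether the length fields add up under a candidate secret. The function names, the sample secret and the sample packet are constructed for illustration.

```python
import hashlib
import struct

def pad(session_id, key, version, seq_no, n):
    """RFC 8907 pad: MD5 blocks chained over session_id+key+version+seq_no."""
    seed = session_id + key + bytes([version, seq_no])
    out, block = b"", b""
    while len(out) < n:
        block = hashlib.md5(seed + block).digest()
        out += block
    return out[:n]

def xor_body(header, body, key):
    """Obfuscate or de-obfuscate a body (the XOR operation is symmetric)."""
    p = pad(header[4:8], key, header[0], header[2], len(body))
    return bytes(a ^ b for a, b in zip(body, p))

def check_secret(packet, key):
    """Classify an authentication START packet against a candidate secret."""
    if len(packet) < 12:
        return "bad header"
    header, body = packet[:12], packet[12:]
    (length,) = struct.unpack("!I", header[8:12])
    if header[0] >> 4 != 0xC or header[1] not in (1, 2, 3) or length != len(body):
        return "bad header"
    if header[1] != 1 or header[2] != 1:
        return "not an authentication START"
    clear = body if header[3] & 0x01 else xor_body(header, body, key)
    # START body: 4 fixed bytes, then user/port/rem_addr/data lengths.
    if len(clear) < 8 or 8 + sum(clear[4:8]) != len(clear):
        return "secret mismatch or corrupt body"
    return "ok"

def build_authen_start(key, session_id, user, port, rem_addr):
    """Constructed sample packet so the check can run without a capture."""
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    body += user + port + rem_addr
    header = bytes([0xC0, 1, 1, 0]) + session_id + struct.pack("!I", len(body))
    return header + xor_body(header, body, key)

# Constructed values, not taken from the thread.
SAMPLE = build_authen_start(b"s3cret", b"\x12\x34\x56\x78", b"admin", b"tty0", b"10.0.0.5")

if __name__ == "__main__":
    for candidate in (b"s3cret", b"s3cret "):
        print(candidate, "->", check_secret(SAMPLE, candidate))
```

A "bad header" result on a captured packet points at framing or version problems rather than the key, while a body that only parses with a different secret than the one configured on the server points at the device-side configuration.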