Security

Hello, Airheads,

I currently have the problem that my Aruba Mobility Controller refuses to download a role from ClearPass.

The corresponding ClearPass user is stored in the RADIUS Server Settings of the MC

I also set the checkbox "Download Role from CPPM" in the default profile.

In the log I have the message:
Nov 8 12:51:35 :199802: <4792> <ERRS> |authmgr| message.c, tunneled_user_do_role_and_vlan_derivation:12850: User (b8:27:eb:6f:5c:27) unknown default role "TN-DUR-CL1-auth" provided
Nov 8 12:51:35 :199802: <4792> <ERRS> |authmgr| message.c, auth_handle_tunneled_user_add:12684: handle station failed: Mac: b8:27:eb:6f:5c:27

If I use a locally available role, of course it works.
Does anyone have an idea? Forget something ?

Anybody ? :)

Did you resolve this? We are seeing the same issue.

Hello,

unfortunately not yet.

I talked to Herman Robers about it at an Airheads event, we couldn't solve it together.

Thanks again to Herman for the support :)

We also tested the VSA "HPE-CPPM-Secondary-Role", this VSA also works, but the controller still doesn't make any effort to download the role.

But he also told me that the approach is unusual, because the configuration of the roles via Mobility Master is easier than in Clearpass.

My approach to this project, however, is to configure EVERYTHING centrally in Clearpass, so that's where it all comes from.

Unfortunately, I haven't had time to open a ticket yet.

So far I configure the Secondary Role locally on the controllers.

Regards

Any updates on this one? I'm looking to do the same thing, but not finding any comprehensive guide for the correct setup of ArubaOS 8 and ClearPass for DUR. 

We idenitified the issue. We had the radius servers entered twice in the controller. The servers we reference for everything is where we had set the CPPM username/password. However, there was another server entry that had no username/password and it was the entry the controller was using to try and download the role.