Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Mac auth using clearpass

This thread has been viewed 11 times

  • 1.  Mac auth using clearpass

    Posted May 26, 2016 03:55 PM

    On reloading the LAN switch, some users go into blocking state.On flushing mac address on switch it works fine. May I know whats wrong?

     

    Clearpass access tracker has below messages:

     

    Endpoints Repository] - localhost: User not found.
    Static-host-list1011: No free connections available
    StaticHostList-1012: No free connections available
    StaticHostList-1013: No free connections available
    StaticHostList-1014: No free connections available
    StaticHostList-1015: No free connections available
    StaticHostList-1016: No free connections available
    StaticHostList-1017: No free connections available
    StaticHostList-1018: No free connections available
    StaticHostList-Edge55-56: No free connections available
    StaticHostList-AccessAllow: No free connections available
    MAC-AUTH: MAC Authentication attempted by unknown client, rejected.

     

    2016-05-25 05:52:22,597

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_shl: No free sql connections available

    2016-05-25 05:52:22,597

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_sql (auth_local_db): There are no DB handles to use! skipped 0, tried to connect 0

    2016-05-25 05:52:22,597

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_shl: No free sql connections available

    2016-05-25 05:52:22,598

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_sql (auth_local_db): There are no DB handles to use! skipped 0, tried to connect 0

    2016-05-25 05:52:22,598

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_shl: No free sql connections available

    2016-05-25 05:52:22,599

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_sql (auth_local_db): There are no DB handles to use! skipped 0, tried to connect 0

    2016-05-25 05:52:22,601

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_shl: No free sql connections available

    2016-05-25 05:52:22,602

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_sql (auth_local_db): There are no DB handles to use! skipped 0, tried to connect 0

    2016-05-25 05:52:22,604

    [Th 81385 Req 1696477 SessId R00023561-01-5745a006] ERROR RadiusServer.Radius - rlm_shl: No free sql connections available

    Thanks in advance!!



  • 2.  RE: Mac auth using clearpass

    EMPLOYEE
    Posted May 26, 2016 03:57 PM
    Please open a TAC case so they can investigate.


  • 3.  RE: Mac auth using clearpass

    Posted Nov 13, 2019 12:16 PM

    Did you ever get a resolution on this?  We just saw the same for devices that are MAC-Auth'd (wired phones).  Cisco switches were rebooted and some phones did not get authorized response from Clearpass.  Access Tracker shows No Connection Available message.  Shut/No shut the port on the switch and authorized just fine.

     

    Thanks for any update on this issue.

     



  • 4.  RE: Mac auth using clearpass

    EMPLOYEE
    Posted Nov 13, 2019 12:24 PM

    Static Host Lists should not really be used. If you choose to use them, don't use them as an auth source. Use [Allow All MAC Auth] and [Endpoints Repository] and then use the SHL in policy.