Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Unable to ping controller from ClearPass

This thread has been viewed 8 times

  • 1.  Unable to ping controller from ClearPass

    Posted Feb 19, 2013 04:26 PM

    Hi, I recently set up a VMware ClearPass Policy Manager to integrate with the Aruba controllers.

    I configured both management and data ports on different subnet. We have a master-local controller environment.

     

    CPPM 6.0.1 VM installed on ESXi 5.

     

    The issue is that from ClearPass i can ping any ip but the controllers ips, and from any controller I can ping any ip but the

    ClearPass ip.

     

    The ClearPass management port is on the same VLAN as the controllers and the data port is on a VLAN that is 

    not configured on the controllers.

     

    Has anyone seen this? Any troubleshooting steps I should pursue?

     

    Thanks.



  • 2.  RE: Unable to ping controller from ClearPass

    EMPLOYEE
    Posted Feb 19, 2013 04:51 PM

    Make sure that the controller and the ClearPass Policy manager have matching subnet masks and default gateways.



  • 3.  RE: Unable to ping controller from ClearPass

    Posted Feb 20, 2013 10:04 AM

    Hi Joseph,

     

    Thanks for the quick reply. All subnet masks and gateways are correct on ClearPass and the controller.

    From any device on any subnet, I can ping both ClearPass and Controller. But unable to ping each other.

     

    Is it some thing tricky with ClearPass that I don't know?  I am new to ClearPass.

     

    Please advise.



  • 4.  RE: Unable to ping controller from ClearPass

    EMPLOYEE
    Posted Feb 20, 2013 10:17 AM

    When you try to ping the Clearpass from the controller on the same VLAN, do you see the clearpass device in the ARP table on the controller?

     



  • 5.  RE: Unable to ping controller from ClearPass

    Posted Feb 20, 2013 10:49 AM

    Hi Joseph,

     

    No, the ClearPass does not appear in the ARP table on the controller.

     

    Regards,



  • 6.  RE: Unable to ping controller from ClearPass
    Best Answer

    Posted Feb 20, 2013 04:52 PM

    Hi Joseph,

     

    It is working now the ClearPass and the Controller can ping each other. I just moved the ip that was configured on data port to  management port on the ClearPass. Now the ClearPass and the Controller are not on the same vlan but it's working.

     

    Thanks to all for your help. 



  • 7.  RE: Unable to ping controller from ClearPass

    Posted Feb 19, 2013 06:20 PM
    Also make sure that the port/vlan is marked as trusted.