Security

Reply
Occasional Contributor II

User Role not downloading

i have connected a new switch(its a 24 port switch) to my network and its been 4 days and no user roles have been downloaded.

the switch has been added to clearpass.

no error logs on the switch relating to why user roles are not downloading.

user role download is set to enable

running clearpass 6.7

 

what and where do i need to check on why its not downloading the user role

Guru Elite

Re: User Role not downloading

User roles are downloaded as devices authenticate and require the role.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: User Role not downloading

is there a way to check if the device has been authenticated?

what can i check?

surely it shouldnt take 4-5 days to authenticate

Guru Elite

Re: User Role not downloading

Access Tracker.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: User Role not downloading

can you be bit more descriptive.

am i checking if the switch is authenticating?

 

is there anything in the switch side i need to check to make sure if all the config is good or not

MVP Guru

Re: User Role not downloading

Did you follow the Wired Policy Enforcement Guide? Or this video on the Airheads Broadcasting Channel?

 

Some basic things to check:

- Does the port do authentication at all? show port access clients / show port access clients <port-number> detailed 

- Is the switch local clock synchronized? show ntp status

- Does the switch get the ClearPass root CA as trust anchor? show crypto pki ta-profile

- Did you configure the switch with the ClearPass Downloadable Role admin credentials? 

radius-server cppm.arubalab.com identity aos-switch-dur key password-here

- Did you enable the role-download (you mentioned yes!):  

aaa authorization user-role enable download

- Did you enable role based on the switch? 

aaa authorization user-role enable

 

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: User Role not downloading

appreciate your detailed questions.

to answer them i found that i did not have the cert installed and as soon as i installed it downlaoded 1 of 2 user roles.

i am still waiting for the switch to dwonload the 2nd role.

 

i would imagine this would answer all of your questions.

 i cant find anywhere in the logs in terms of why its not downloading the 2nd role. this switch is a replica of another switch which has downloaded the all other roles

MVP Expert

Re: User Role not downloading

What version of firmweare are you runnig on the switch. If you use 16.8.3  and configure your radius servers to be clearpass servers then the cert download will happen automagically.

 

 

Occasional Contributor II

Re: User Role not downloading

ning 16.8.1

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: