Security

I'm trying to connect my Aruba MC 7210 to my ClearPass 6.6 appliance but I get radius error.

 

1. In ClearPass - I Configured my MC 7210 "\Configuration\Network\Devices\"

 

2. In MC 7210 - I configured my Radius Server(ClearPass)

"\Configuration\authentication\Servers\Radius Server"

 

3. In MC 7210 - I configured my Server Group

"\Configuration\authentication\Servers\Server Group"

 

4. In MC 7210 - I configured my RFC 3576 Server(ClearPass)

"\Configuration\authentication\Servers\RFC 3576 Server"

 

5. In MC 7210 - I configured my WLAN pointing to Radius Server

 

And I receive Radius Server Authentication Error. What can I do?

 

Here we have some logs...

[Th 13 Req 5 SessId R00000005-01-5824b6c9] ERROR RadiusServer.Radius - rlm_service: Service Categorization failed

 

[Th 13 Req 5 SessId R00000005-01-5824b6c9] ERROR RadiusServer.Radius - rlm_service: Policy Server result = 65535, msg = Service classification failed

 

[RequestHandler-1-0x7f08245e2700 r=psauto-1478731079-11 h=223 r=R00000005-01-5824b6c9] ERROR Core.ServiceReqHandler - doServiceClassification: Error. Ret code=0 response list size=0

Please post a screenshot of your service.

OK. Look through the input tab in the access tracker request and make sure
those all match. Also, remove rule 3.

Hi, All this information is correct, I removed rule 3 and is the same

 

Your SSID rule is likely the issue. You're searching for "secure", but the
SSID is "DigiWorld.Aruba"

Thanks a lot, I solved it and now I get this

 

ERROR RadiusServer.Radius - rlm_peap: Configured for public mode, but request username hrojas does not match public username public, rejecting

 

How can I config the Authentication without public mode?

 

 

If you're not using EAP-PEAP-Public, remove EAP-PEAP-Public from the
authentication methods list and add EAP-PEAP.

Yes, but I dont't have that choise. Can't I use EAP-MSChap2?

Are you using a RADIUS service? You should definitely have an [EAP PEAP]
option in the list. Please provide a screenshot.

You have high capacity guest mode enabled. You can only use EAP-PEAP Public
in this mode.

Yes and how can I use anthore methods?

You cannot use other EAP methods in HCG mode. It is designed for scaling in
large guest deployments.

Thanks a lot, now I can surf using my WLAN and ClearPass

 

This solutions is oriented to a hotel and good for me to use HCG mode.

Can I use another methods for authentication??

Hi, All this information is correct, I removed rule 3 and is the same.

Logs:

ERROR RadiusServer.Radius - rlm_service: Service Categorization failed

 

ERROR Core.ServiceReqHandler - doServiceClassification: Error. Ret code=0 response list size=0

 

ERROR RadiusServer.Radius - rlm_service: Policy Server result = 65535, msg = Service classification failed