Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

usage info of radius group members

  • 1.  usage info of radius group members

    Posted Jan 19, 2016 05:17 AM

    Hi

    We've just had a catastrophic failure of our clearpass cluster where all members processing authentication requests stopped with errors about invalid shared secrets. Our mobility controllers are configured to use a radius server group with a number of members:

     

    1). Clearpass cluster load balanced by our F5 boxes ( VIP 1)

    2). Freeradius cluster load balanced by our F5 boxes.(VIP 2)

     

     

    It looks as if the clearpass cluster members gradually dropped off one by one until they were all dead. What I'm trying to find out is when our mobility controllers decided to switch over to using the freeradius.

     

    Is this possible from a mobility controller CLI or via airwave?

    A



  • 2.  RE: usage info of radius group members

    EMPLOYEE
    Posted Jan 19, 2016 09:18 AM

    If you type show log error all, it might tell you when each server got marked out of service.  Depending on how busy your server is, it might have rolled out of that log and you would have to look in your external syslog, for the word "Service" if you have it already configured.  Below is what you would see:

    authmgr[3689]: <520002> <ERRS> |authmgr|  Authentication server request Timeout, username=TSStudent userip=0.0.0.0 usermac=24:e9:6a:37:9c:71 servername= TOWNDC serverip= 192.168.12.11 bssid=04:bd:88:b3:f7:82 apname=1stfloor
    authmgr[3689]: <520002> <ERRS> |authmgr|  Authentication server request Timeout, username=TSStudent userip=0.0.0.0 usermac=24:e9:6a:33:81:63 servername= TOWNDC serverip= 192.168.12.11 bssid=04:bd:88:b3:f7:92 apname=1stfloor
    authmgr[3689]: <522276> <ERRS> |authmgr|  Authentication Server Out Of Service while serving request. servername=TOWNDC serverip=192.16.12.11  username=TSStudent  userip=0.0.0.0 usermac=94:e9:6a:33:81:63 bssid=04:bd:
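
Added example, not part of the reply above and not Aruba's own tooling: a small Python parser that walks exported syslog lines and reports, per RADIUS server, the first `520002` timeout, the timeout count, and the first `522276` out-of-service message. The syslog timestamp/host prefix, the server name `CPPM-VIP` and all sample values are constructed assumptions; only the two message IDs and the field layout come from the lines quoted above.

```python
import re

# Constructed sample lines (not from the thread). The "Mon DD HH:MM:SS host" prefix
# is an assumption about what the external syslog server prepends to each message.
SAMPLE = """\
Jan 19 03:10:02 mc1 authmgr[3689]: <520002> <ERRS> |authmgr|  Authentication server request Timeout, username=alice userip=0.0.0.0 usermac=00:00:5e:00:53:01 servername= CPPM-VIP serverip= 192.0.2.10 bssid=00:00:5e:00:53:a0 apname=lab
Jan 19 03:10:07 mc1 authmgr[3689]: <520002> <ERRS> |authmgr|  Authentication server request Timeout, username=bob userip=0.0.0.0 usermac=00:00:5e:00:53:02 servername= CPPM-VIP serverip= 192.0.2.10 bssid=00:00:5e:00:53:a0 apname=lab
Jan 19 03:10:09 mc1 authmgr[3689]: <522276> <ERRS> |authmgr|  Authentication Server Out Of Service while serving request. servername=CPPM-VIP serverip=192.0.2.10  username=bob  userip=0.0.0.0 usermac=00:00:5e:00:53:02 bssid=00:00:5e:
Jan 19 03:10:11 mc1 sshd[411]: unrelated line
""".splitlines()

TS = re.compile(r"^\s*(\w{3}\s+\d+\s[\d:]{8})\s")   # optional syslog timestamp
MSG = re.compile(r"authmgr\[\d+\]:\s+<(\d+)>")      # authmgr message ID
FIELD = re.compile(r"(\w+)=\s*(\S*)")               # tolerates "servername= TOWNDC"

def parse_authmgr(line):
    """Return timestamp, message ID and key=value fields, or None if not authmgr."""
    msg = MSG.search(line)
    if not msg:
        return None
    ts = TS.match(line)
    fields = dict(FIELD.findall(line[msg.end():]))
    return {"ts": ts.group(1) if ts else None, "id": msg.group(1), **fields}

def server_timeline(lines):
    """Per server: first timeout, number of timeouts, first out-of-service message."""
    out = {}
    for line in lines:
        ev = parse_authmgr(line)
        if not ev or ev["id"] not in ("520002", "522276") or "servername" not in ev:
            continue
        s = out.setdefault(ev["servername"],
                           {"first_timeout": None, "timeouts": 0, "out_of_service": None})
        if ev["id"] == "520002":
            s["timeouts"] += 1
            s["first_timeout"] = s["first_timeout"] or ev["ts"]
        elif s["out_of_service"] is None:
            s["out_of_service"] = ev["ts"]
    return out

if __name__ == "__main__":
    for name, info in server_timeline(SAMPLE).items():
        print(name, info)
```

Lines copied straight from the controller CLI carry no syslog prefix, so their `ts` comes back as `None`; run this over the external syslog export to get usable times.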


  • 3.  RE: usage info of radius group members

    Posted Jan 27, 2016 04:45 AM

    o.k thanks, I'll have a look round

    A

    p.s. catastrophic failure was due to running out of disk space on our 500Gbyte disk clearpass VMs, once one went, the rest followed.