Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor I

CPPM applying send radius accept to 2930f

Hi all, I am attemping to setup LUR using CPPM, 2930F and a 7030 controller. There seems to be a problem with the CPPM communicating to the switch, if I attempt to use onconnect to query for the ports I get an error saying "check IP and snmp community". I have been through that several times even deletting the switch and adding back with the same result. If I turn on snmp debug on the switch it gives an error saying "AuthManager returns CONNECTION_AUTH_INVALID"  but displays it as v1. They seem to talk oneway via radius, if I capture at the CPPM the CPPM sends back radius accept messages but the switch seems to ignore then sends another radius request. After several attempts it gives up and stops sending. Once again I have removed the switch, deleted the radius configure from its config and added again with no change. I am sure I have missed something simple, or maybe not. The switch is running 16.07.0002 and CPPM is 6.7.7. I haven't even got to the controller yet as when I use show port-access clients it shows them going through dot1x, mac a few times then an ad joined client stays at denyall policy.

 

Any suggestions welcome.

Thanks

Highlighted
Moderator

Re: CPPM applying send radius accept to 2930f

You should not be using OnConnect with Aruba switches. Did you follow the ClearPass Solution Guide for Wired Policy Enforcement to set up MAC auth?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor I

Re: CPPM applying send radius accept to 2930f

Hi Tim, yes I did use the wired deployment Guide 2018 vers, apologies I meant to note that. I was only using onconnect to try and fault find. There are snmp read errors in the event viewer of CPPM and onconnect seemed to be the only way to cause a consistent snmp event to test. The problem I am trying to resolve is the captures on the CPPM show it send radius responses but the switch doesn't do anything with them. I have removed all radius info from the switch and readded, removed the switch from CPPM and readded. Changed the radius key at both ends but still nothing at the switch. I have not used CPPM before but have used radius on other servers and switches including Aruba. But stumped.

Thanks
Robery

Get Outlook for Android
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: