I've configured a 2930F with local user roles, and the client gets assigned that role fine from ClearPass. With 'show port-access clients' I can see the user is connected to the network with the correct user role. However, when I try to enable user-based tunneling, I'm getting these error messages.
2930F(eth-5)# enable
2930F(eth-5)#
I 10/08/19 18:32:12 00435 ports: port 5 is Blocked by AAA
0012:18:51:21.95 TNT mtnodeUserCtrl:aqLookupSpecify failed: result= -13
0012:18:51:21.95 TNT mtnodeUserCtrl:User Data Retrieval of type 1 for user b827eb-cb3eea failed
0012:18:51:21.95 TNT mtnodeUserCtrl:userTNodeProcAddUserReq: UAC FSM failed for USER_TNODE_UAC_START_EVT
I 10/08/19 18:32:12 00076 ports: port 5 is now on-line
I 10/08/19 18:32:12 00001 vlan: TUNNELED_NODE_SERVER_RESERVED virtual LAN enabled (11 times in 60 seconds)
I 10/08/19 18:32:12 00002 vlan: TUNNELED_NODE_SERVER_RESERVED virtual LAN disabled (11 times in 60 seconds)
And then the result=-13 error just repeats.
I have configured the secondary user role:
aaa authorization user-role name "UBT-LUR-Camera"
policy "camera"
vlan-id 3308
tunneled-node-server-redirect secondary-role "UBT-Camera"
And on the mobility controller I have role UBT-Camera with VLAN 3308 enabled and with allowall ACL.
Connection to the controllers also seems fine:
# show tunneled-node-server state
Local Master Server (LMS) State
LMS Type    IP Address     State      Capability   Role
Primary   : 10.133.5.61    Complete   Per User     Operational Primary
Secondary : 10.133.5.62    Complete   Per User     Operational Secondary
Any tips for troubleshooting this?
Thanks!