Wired Intelligent Edge


Radius server config - Aruba2930M

  • 1.  Radius server config - Aruba2930M

    EMPLOYEE
    Posted Oct 31, 2019 11:58 AM

    Hello All,

     

    I am new to the Aruba environment and am trying to set up a lab environment for simulating bare basic 802.1X wired authentication using ClearPass.

     

    For some reason I think the 2930M switch is not communicating back to the RADIUS server.

     

    After reading the ClearPass wired policy enforcement doc, I tried configuring the switch for 802.1X, but still no luck. I am sure I am missing something here.

    Below is what my config looks like:

     

     

    radius-server host 10.130.110.19 key "Aruba123!"
    radius-server host 10.130.110.19 dyn-authorization
    radius-server host 10.130.110.19 time-window plus-or-minus-time-window
    radius-server host 10.130.110.19 time-window 30
    ip default-gateway 10.76.138.1
    ip source-interface radius vlan 2073
    ip client-tracker trusted
    snmp-server community "public" unrestricted
    aaa server-group radius "CLEARPASS" host 10.130.110.19
    aaa accounting update periodic 5
    aaa accounting network start-stop radius server-group "CLEARPASS"
    aaa authorization user-role enable download
    aaa authentication port-access eap-radius server-group "CLEARPASS"
    aaa authentication captive-portal enable
    aaa port-access authenticator 1/5
    aaa port-access authenticator 1/5 client-limit 3
    aaa port-access authenticator active

     

    And below is the output from the show radius command.

     

    SHOW RADIUS HOST 10.130.110.19

    Status and Counters - RADIUS Server Information

    Server IP Addr : 10.130.110.19

    Authentication UDP Port : 1812      Accounting UDP Port  : 1813
    Round Trip Time         : 0         Round Trip Time      : 0
    Pending Requests        : 0         Pending Requests     : 0
    Retransmissions         : 18        Retransmissions      : 0
    Timeouts                : 21        Timeouts             : 0
    Malformed Responses     : 0         Malformed Responses  : 0
    Bad Authenticators      : 0         Bad Authenticators   : 0
    Unknown Types           : 0         Unknown Types        : 0
    Packets Dropped         : 0         Packets Dropped      : 0
    Access Requests         : 6         Accounting Requests  : 0
    Access Challenges       : 0         Accounting Responses : 0
    Access Accepts          : 0
    Access Rejects          : 0

     

    Can anyone see what I am missing here? I can also ping the RADIUS host from the switch.

     

    Thanks.



  • 2.  RE: Radius server config - Aruba2930M

    MVP GURU
    Posted Nov 01, 2019 02:19 AM

    Have you checked the shared secret?

     

    What do you have in the ClearPass log? (And events?)

     

    There is no firewall between ClearPass and the switch?



  • 3.  RE: Radius server config - Aruba2930M
    Best Answer

    EMPLOYEE
    Posted Nov 01, 2019 02:42 AM

    Hello,

     

    Thank you for your reply :) 

     

    I figured it out late at night when I tore down the AAA connection on the switch and reconfigured it.

     

    It turns out it was an issue with the ClearPass server RADIUS certificate/HTTPS certificate!

     

    I created a new self-signed certificate and instantly I could see responses in the "Access Tracker" on ClearPass from the switch.

     

    However, I have to admit the switch logs were quite misleading: "Cant reach the Radius server : X.X.X.X ".

     

    Thanks again !



  • 4.  RE: Radius server config - Aruba2930M

    MVP GURU
    Posted Nov 02, 2019 06:48 AM

    Strange about the issue with the certificate...
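
The `show radius host` counters in the first post can be read mechanically to tell "the server never answers" apart from "the server answers but the reply fails validation". The following is an added example, not part of the thread and not Aruba tooling; the function names and triage labels are hypothetical.

```python
import re

# Counters copied from the `show radius host` output in the first post.
SAMPLE = """\
Authentication UDP Port : 1812 Accounting UDP Port : 1813
Round Trip Time : 0 Round Trip Time : 0
Pending Requests : 0 Pending Requests : 0
Retransmissions : 18 Retransmissions : 0
Timeouts : 21 Timeouts : 0
Malformed Responses : 0 Malformed Responses : 0
Bad Authenticators : 0 Bad Authenticators : 0
Unknown Types : 0 Unknown Types : 0
Packets Dropped : 0 Packets Dropped : 0
Access Requests : 6 Accounting Requests : 0
Access Challenges : 0 Accounting Responses : 0
Access Accepts : 0
Access Rejects : 0
"""

# "Label : number" pairs; the lookahead skips dotted values such as IP addresses.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)(?![\d.])")

def parse_counters(text):
    """Return (auth, acct) dicts: left column is authentication, right is accounting."""
    auth, acct = {}, {}
    for line in text.splitlines():
        pairs = PAIR.findall(line)
        for column, (label, value) in zip((auth, acct), pairs):
            column[label.strip()] = int(value)
    return auth, acct

def triage(auth):
    """Classify the authentication column (labels are hypothetical, not switch output)."""
    replies = sum(auth.get(k, 0) for k in
                  ("Access Accepts", "Access Rejects", "Access Challenges"))
    if auth.get("Bad Authenticators", 0):
        return "bad-authenticator"  # replies arrive but fail the check: compare shared secrets
    if auth.get("Access Requests", 0) == 0:
        return "no-requests"        # the switch has not sent an Access-Request yet
    if replies == 0:
        return "no-reply"           # requests leave, nothing returns: check the server side
    return "server-replying"

if __name__ == "__main__":
    auth, acct = parse_counters(SAMPLE)
    print(triage(auth), auth["Timeouts"], auth["Retransmissions"])
```

On the posted counters this returns `no-reply`, so the place to look is the server side: the ClearPass logs and Access Tracker, the shared secret, any firewall in the path and, as this thread found, the server certificate.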