Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Aruba Employee

Radius server config - Aruba2930M

Hello All,

 

I am new to the Aruba environment and am trying to setup a lab environment for simulating bare basic 802.1X wired authentication using clearpass. 

 

For some reason i think the 2930M switch is not communicating back to the Radius server. 

 

After reading the Clearpass wired policy enforcement doc -  i tried configuring the switch for 802.1x, but still no luck. I am sure i am missing something here. 

Below is what my config looks like : 

 

 

radius-server host 10.130.110.19 key "Aruba123!"
radius-server host 10.130.110.19 dyn-authorization
radius-server host 10.130.110.19 time-window plus-or-minus-time-window
radius-server host 10.130.110.19 time-window 30
ip default-gateway 10.76.138.1
ip source-interface radius vlan 2073
ip client-tracker trusted
snmp-server community "public" unrestricted
aaa server-group radius "CLEARPASS" host 10.130.110.19
aaa accounting update periodic 5
aaa accounting network start-stop radius server-group "CLEARPASS"
aaa authorization user-role enable download
aaa authentication port-access eap-radius server-group "CLEARPASS"
aaa authentication captive-portal enable
aaa port-access authenticator 1/5
aaa port-access authenticator 1/5 client-limit 3
aaa port-access authenticator active

 

And below is the output from the show radius command.

 

SHOW RADIUS HOST 10.130.110.19

Status and Counters - RADIUS Server Information


Server IP Addr : 10.130.110.19

Authentication UDP Port : 1812 Accounting UDP Port : 1813
Round Trip Time : 0 Round Trip Time : 0
Pending Requests : 0 Pending Requests : 0
Retransmissions : 18 Retransmissions : 0
Timeouts : 21 Timeouts : 0
Malformed Responses : 0 Malformed Responses : 0
Bad Authenticators : 0 Bad Authenticators : 0
Unknown Types : 0 Unknown Types : 0
Packets Dropped : 0 Packets Dropped : 0
Access Requests : 6 Accounting Requests : 0
Access Challenges : 0 Accounting Responses : 0
Access Accepts : 0
Access Rejects : 0

 

Can anyone see what i am missing here ? I can also ping the Radius host from the switch.

 

Thanks.


Accepted Solutions
Highlighted
Aruba Employee

Re: Radius server config - Aruba2930M

Hello,

 

Thank you for your reply :) 

 

I figured it out late night when i tore down the AAA connection on the switch , and reconfigured it. 

 

It turns out - it was an issue with Clearpass server Radius certificate/HTTPs certificate !

 

I created a new self-signed certificate and instantly i could see responses on the "Access tracker" on clearpass from the switch. 

 

However i have to admit the switch logs were quite misleading - "Cant reach the Radius server : X.X.X.X ".

 

Thanks again !

View solution in original post


All Replies
Highlighted
MVP Guru Elite

Re: Radius server config - Aruba2930M

Do you have check the shared secret ?

 

What do you have on ClearPass log ? (and event ?)

 

There is no firewall between ClearPass and switch ?



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Aruba Employee

Re: Radius server config - Aruba2930M

Hello,

 

Thank you for your reply :) 

 

I figured it out late night when i tore down the AAA connection on the switch , and reconfigured it. 

 

It turns out - it was an issue with Clearpass server Radius certificate/HTTPs certificate !

 

I created a new self-signed certificate and instantly i could see responses on the "Access tracker" on clearpass from the switch. 

 

However i have to admit the switch logs were quite misleading - "Cant reach the Radius server : X.X.X.X ".

 

Thanks again !

View solution in original post

Highlighted
MVP Guru Elite

Re: Radius server config - Aruba2930M

Strange about issue on the certificate...



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: