Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

  • 1.  I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 05, 2015 10:21 AM

    I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    I have set up the device in CPPM with a shared key, and added the user into AD for the WSA.

    When testing the authentication realm settings from the WSA I get a message stating that the shared secret is incorrect or the agent is unreachable. 

    From the CPPM I get this in the request log details:

     INFO RadiusServer.Radius - LDAP/AD User lookup time = 1 ms
     INFO RadiusServer.Radius - rlm_auth_check: Auth-Type not set.
     ERROR RadiusServer.Radius - rlm_auth_check: Auth-Type not set or authentication methods have not been configured. Rejecting it.

    I have a policy set to give read only access should a user match the distinguished name, but it is stating that there is no auth type set.



  • 2.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    EMPLOYEE
    Posted May 05, 2015 10:27 AM

    Does the authentication from the IronPort use PAP, MSCHAP, etc., and are those authentication methods enabled in the service?



  • 3.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 05, 2015 10:36 AM

    The IronPort is using PAP.

    But I have PAP, CHAP, MSCHAP, and EAP MSCHAP v2 enabled in the CPPM service.



  • 4.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    EMPLOYEE
    Posted May 05, 2015 10:39 AM

    What kind of server do you have defined and added to your service, an LDAP server? If you are only doing PAP, you only need an LDAP server defined.



  • 5.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 05, 2015 10:51 AM

    Not sure what you mean here. 

    It is referencing from an Active Directory server for user authentication. I was able to get it set up to log in as my AD account for Admin access, but the IronPort WSA cannot.



  • 6.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 05, 2015 10:57 AM

    Whoa, OK. I thought it was PAP, but as it turns out the authentication is the NTLM protocol. I don't see that as a method for authentication in CPPM.



  • 7.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 05, 2015 12:06 PM

    Has anyone had this issue, or tried to get the CPPM to work with a Cisco WSA before? Is this even possible to do?



  • 8.  RE: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

    Posted May 15, 2015 03:33 PM

    You should check if it supports RADIUS or TACACS+ as an authentication server; then the CPPM can play a role. If it is just LDAP, AD, NTLM, you probably will have to interface with Windows AD directly.

     

    From a thread like this I would assume it is possible; it even shows a screenshot where:

    https://supportforums.cisco.com/discussion/11966116/ironport-s170-and-microsoft-radius