Wireless Access

Reply
Highlighted
Frequent Contributor I

NAD address in Aruba cluster setup

HI 

 

have a setup with a customer, like this: 
VRRP for aruba-master - 192.168.1.100
VRRP for cotroller 1 in cluster: 192.168.1.13

VRRP for controller 2 in cluster 192.168.1.14

 

however, in NPS i see both 1.100 and 1.13 as NAD device in logs. Why is it shifting back and forth? shouldn't it always be the IP-Addresses for the VRRP for the cluster - as mentioned in the LAB SETUP VRD for AOS 8.2.X ? 

Highlighted
MVP
MVP

Re: NAD address in Aruba cluster setup

Hi,

 

I assume by "VRRP for aruba-master" you are talking about the cluster wide VRRP address, which you use to point DNS to? So that your accesspoints can by pointed there?

 

Anyway. I don't see access tracker entries, showing this address in my installations.

But what you see is dependend on what authentication you are performing. (Users at APs / APs at controllers / admins at controller UI / ...).

So maybe you can provide some sanitized access tracker output?

 

For users authenticating at your wireless network you should see in access tracker input tab:

- Radius:IETF:NAS-Identifier pointing to the node IP of the controller

- Radius:IETF:NAS-IP-Address pointing to the VRRP address specific to the same cluster node

 

Regards,

Jörg

 

Please give kudos, if you like my post.
Please Accept as solution, if my post was helpful.
Highlighted
Frequent Contributor I

Re: NAD address in Aruba cluster setup

thanks for getting back to me.

yes, vrrp for aruba-master is for access point discovery. 

 

in Radius Logs we sometimes see that particular address, other times we see the VRRP addresses that's configured in the cluster setup. This changes after reboot. straight after reboot aruba-master VRRP is listed, after some time - cluster VRRP shows, and naturally authentication fails due to wrong radius client

Highlighted
MVP
MVP

Re: NAD address in Aruba cluster setup

as a workarround, you could add the aruba-master VRRP as NAD to clearpass... Shoukld work, if you use the same radius-key for all nodes in the cluster.

 

Maybe the arubamaster VRRP IP is active some time before the cluster node specific VRRP? You could test this with constant pings while rebooting...

 

I do not see that behaviour, but do not reboot the controller too often ;-)

 

Regards,

Jörg

Please give kudos, if you like my post.
Please Accept as solution, if my post was helpful.
Highlighted

Re: NAD address in Aruba cluster setup

What have you set the RADIUS Client NAS IP address to on the controllers? Or is it left as default?

 

 


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted
Frequent Contributor I

Re: NAD address in Aruba cluster setup

no NAS-IP set in AAA-radius server, only NAS identifiet. From VRD; 

 

ArubaOS reserves VRRP instance IDs in the 220-255 range. When the master of each instance sends RADIUS requests to the RADIUS server it injects the VIP of its instance into the message as the NAS-IP by default.

 

not sure if addig NAS-IP in radius setup here would trouble the CoA and VRRP. 

I've never given this any thought before - but a Radius message cannot have 2 NAD-IP--- i guess

Highlighted
Frequent Contributor I

Re: NAD address in Aruba cluster setup

it's a PoC so workaround is not a good way to go. Will have customer add NAD-IP in configuration

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: