Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

clearpass not responding to instant radius requests

This thread has been viewed 3 times

  • 1.  clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:01 AM

    I'm going absolutely bonkers here cause I'm sure I had it working in the past.  My ClearPass does not respond to my Instant radius requests.  It responds to a controller fine, but just not the Instant AP I have.

     

    • I've added the VC into to the devices list with the correct shared secret.
    • packets are being received by CPPM according to a capture, but it just doesn't respond.
    • I've flattened the Instant and started again.  Same result.
    • I've deleted the Instant from the devices list in CPPM and readded.  Same result.
    • Same result for both users and 'aaa test' command.

    Any suggestions please?



  • 2.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:06 AM

    Is there anything in the service/access tracker or the event log?



  • 3.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:07 AM

    What's your NAS IP set to? Does it match in ClearPass? Are you seeing anything in the ClearPass event viewer?

     

    You may have to set up Dynamic RADIUS Proxy so that it uses the same source IP no matter which AP is the VC.

     

     



  • 4.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:09 AM

    absolutely nothing in event viewer or anywhere else.  The controller based user did work, but there was still nothing for that either.

     

    All I managed to do was get a packet capture to confirm the request are hitting clearpass.

     

    And yes, dynamic-radius enabled and correct ip etc.



  • 5.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:11 AM

    Do you have another RADIUS server you can test against?  Not sure why you aren't seeing anything for a WORKING user in accesss tracker.  That's odd.  



  • 6.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:12 AM

    the Windows Radius server responds fine.



  • 7.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:13 AM

    I would go and collect logs (with the packet capture) and open up a TAC case...



  • 8.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:20 AM

    will do.  It's only a lab box, but I'm setting up for a demo at a trade event.  So far, not really much to demonstrate.

     

    Although it's not a microsoft box, I've rebooted anyway.  See what happens.



  • 9.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 08:30 AM
    @Michael_Clarke wrote:

    will do.  It's only a lab box, but I'm setting up for a demo at a trade event.  So far, not really much to demonstrate.

     

    Although it's not a microsoft box, I've rebooted anyway.  See what happens.

    You should install NTradping http://www.novell.com/coolsolutions/tools/14377.html on a Windows laptop and test radius authentications to your ClearPass box to see if something is wrong.

     



  • 10.  RE: clearpass not responding to instant radius requests

    EMPLOYEE
    Posted Nov 07, 2013 03:16 PM

    Great tool Colin.  Unfortunately it didn't work on the Windows machine I tried. 

     

    Strangely, it responds to the Instant now, so who knows what was going on before.  Nothing in access tracker though.