Security

Hello,

6.11

Pub and standby pub + 4 subscribers

Is there an way to check whether ClearPass thinks a FreeRADIUS server that it proxies to is up or down?

We recently had some disruptive router works done, we had to failover our ClearPass cluster to our B site and then back again and rebuilding the cluster was a little problematic. Two of the ClearPass subscribers (when re-added to the cluster) started filling up with Proxy event messages marking the two FreeRADIUS servers as down (and auths looked to be failing). We took those two ClearPass boxes out of the AOS server group so are no longer sending requests to them. The logs stopped filling with messages but I'm not sure whether that is just because we have stopped sending messages, or whether they have now marked the FR servers as up.

How does ClearPass ascertain whether a peer is up or not? Is that info easily viewable?

Thanks,

Guy 

Proxy operation is set with the Proxy section of the per-server service parameters.  ClearPass is behaving the same against a proxy target as a NAS acts against ClearPass, sending a request and waiting for a reply, successive failures (i.e., "maximum retry count") will result in the target being marked as dead for a period of time.

https://www.arubanetworks.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Admin/ServerConfig_serviceparamsradiusserver.htm

Hello,

6.11

Pub and standby pub + 4 subscribers

Is there an way to check whether ClearPass thinks a FreeRADIUS server that it proxies to is up or down?

We recently had some disruptive router works done, we had to failover our ClearPass cluster to our B site and then back again and rebuilding the cluster was a little problematic. Two of the ClearPass subscribers (when re-added to the cluster) started filling up with Proxy event messages marking the two FreeRADIUS servers as down (and auths looked to be failing). We took those two ClearPass boxes out of the AOS server group so are no longer sending requests to them. The logs stopped filling with messages but I'm not sure whether that is just because we have stopped sending messages, or whether they have now marked the FR servers as up.

How does ClearPass ascertain whether a peer is up or not? Is that info easily viewable?

Thanks,

Guy 

Thanks Carson,

Apologies for the slow response. Does ClearPass send 'test' requests periodically automatically? Or is that something we need to set up? 

Guy

Proxy operation is set with the Proxy section of the per-server service parameters.  ClearPass is behaving the same against a proxy target as a NAS acts against ClearPass, sending a request and waiting for a reply, successive failures (i.e., "maximum retry count") will result in the target being marked as dead for a period of time.

https://www.arubanetworks.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Admin/ServerConfig_serviceparamsradiusserver.htm

Hello,

6.11

Pub and standby pub + 4 subscribers

Is there an way to check whether ClearPass thinks a FreeRADIUS server that it proxies to is up or down?

We recently had some disruptive router works done, we had to failover our ClearPass cluster to our B site and then back again and rebuilding the cluster was a little problematic. Two of the ClearPass subscribers (when re-added to the cluster) started filling up with Proxy event messages marking the two FreeRADIUS servers as down (and auths looked to be failing). We took those two ClearPass boxes out of the AOS server group so are no longer sending requests to them. The logs stopped filling with messages but I'm not sure whether that is just because we have stopped sending messages, or whether they have now marked the FR servers as up.

How does ClearPass ascertain whether a peer is up or not? Is that info easily viewable?

Thanks,

Guy