Wired Intelligent Edge

Hello forum,

I have a lab where I am connecting an Aruba Central managed CX switch via a firewall to Clearpass as radius server. The client works with MAC-based authentication via Clearpass. This works well until the switch tries to download the role from Clearpass. The command "show port-access clients detail" shows that the client is authenticated but role download fails:

**************

Authorization Details

  ----------------------

    Role   : OT_Lab2-3066-2

    Status : Download Failed

Role Information:

Name  : OT_Lab2-3066-2

Type  : clearpass

Status: Failed, Server Credentials Not Found

*********************************************

The switch does not even try to connect to Clearpass via https (firewall logs show that). So it seems to be a config issue on the switch. The config had to be changed via CLI and "aruba-central support-mode because in Central, I cannot add the required commands for DUR:

radius-server host xyz.de key ciphertext KEY clearpass-username ot-lab clearpass-password ciphertext CYPHER

I'm sure I made a mistake during config. But where to look?

Do you have the ClearPass server's HTTPS certificate loaded onto the switch?

See this post about loading the certificate. You will have to do this in the CLI with Aruba Central Support mode enabled.

AOS-CX Downloadable User Role (DUR) simple steps to Configure! | Wired Intelligent Edge (arubanetworks.com)

Hello forum,

I have a lab where I am connecting an Aruba Central managed CX switch via a firewall to Clearpass as radius server. The client works with MAC-based authentication via Clearpass. This works well until the switch tries to download the role from Clearpass. The command "show port-access clients detail" shows that the client is authenticated but role download fails:

**************

Authorization Details

  ----------------------

    Role   : OT_Lab2-3066-2

    Status : Download Failed

Role Information:

Name  : OT_Lab2-3066-2

Type  : clearpass

Status: Failed, Server Credentials Not Found

*********************************************

The switch does not even try to connect to Clearpass via https (firewall logs show that). So it seems to be a config issue on the switch. The config had to be changed via CLI and "aruba-central support-mode because in Central, I cannot add the required commands for DUR:

radius-server host xyz.de key ciphertext KEY clearpass-username ot-lab clearpass-password ciphertext CYPHER

I'm sure I made a mistake during config. But where to look?

Hello forum,

I have a lab where I am connecting an Aruba Central managed CX switch via a firewall to Clearpass as radius server. The client works with MAC-based authentication via Clearpass. This works well until the switch tries to download the role from Clearpass. The command "show port-access clients detail" shows that the client is authenticated but role download fails:

**************

Authorization Details

  ----------------------

    Role   : OT_Lab2-3066-2

    Status : Download Failed

Role Information:

Name  : OT_Lab2-3066-2

Type  : clearpass

Status: Failed, Server Credentials Not Found

*********************************************

The switch does not even try to connect to Clearpass via https (firewall logs show that). So it seems to be a config issue on the switch. The config had to be changed via CLI and "aruba-central support-mode because in Central, I cannot add the required commands for DUR:

radius-server host xyz.de key ciphertext KEY clearpass-username ot-lab clearpass-password ciphertext CYPHER

I'm sure I made a mistake during config. But where to look?