Security

Hello Everyone, 

I just want to ask if anyone of you already setup a Eduroam with Clearpass ? it seems that there is no valid documentation for clearpass integration . I just read the documentation from Giant https://archive.geant.org/projects/gn3/geant/services/cbp/Documents/cbp-79_guide_to_configuring_eduroam_using_the_aruba_wireless_controller_and_clearpass.pdf but it seems not updated. if anyone already implement it and you have a step by step guide , may I ask for your guidance. as of now im having trouble in communicating between the FLR server still figuring out why it wont able to reach the FLR (Federal Level Radius server )server and it gives me a radius authentication failed error.

Hello Everyone, 

I just want to ask if anyone of you already setup a Eduroam with Clearpass ? it seems that there is no valid documentation for clearpass integration . I just read the documentation from Giant https://archive.geant.org/projects/gn3/geant/services/cbp/Documents/cbp-79_guide_to_configuring_eduroam_using_the_aruba_wireless_controller_and_clearpass.pdf but it seems not updated. if anyone already implement it and you have a step by step guide , may I ask for your guidance. as of now im having trouble in communicating between the FLR server still figuring out why it wont able to reach the FLR (Federal Level Radius server )server and it gives me a radius authentication failed error.

I know there are many customers using ClearPass for eduroam (or govroam, or publicroam which are similar mechanisms). For RADIUS proxy, I would not rely too much on policy simulation. Do you see in Access Tracker the correct service matched? Do you see the same with an actual request through a wireless SSID eduroam?

Did you register/authorized your ClearPass with the public IP (or NAT) with your federation partner/national eduroam? If the source IP or shared secret doesn't match, the FLR may just drop your incoming requests.

Access Tracker may provide more information (Alert tab, show logs). Also, you could run a packet capture on ClearPass (via Server Manager, Collect Logs) or an upstream device to see if there is a RADIUS packet going out (and maybe coming back).

Your authentication seems that the RADIUS service does not respond, which may be service classification, RADIUS shared secrets, firewall, routing, etc.

Working with your Aruba partner or Aruba TAC may be useful as well, to step by step find where in the process the issue may be and from there troubleshoot more specifically. Eduroam proxy is quite common and should just work if you 'follow the rules' (in ClearPass, routing, firewalls, with your national provider).

Hello Everyone, 

I just want to ask if anyone of you already setup a Eduroam with Clearpass ? it seems that there is no valid documentation for clearpass integration . I just read the documentation from Giant https://archive.geant.org/projects/gn3/geant/services/cbp/Documents/cbp-79_guide_to_configuring_eduroam_using_the_aruba_wireless_controller_and_clearpass.pdf but it seems not updated. if anyone already implement it and you have a step by step guide , may I ask for your guidance. as of now im having trouble in communicating between the FLR server still figuring out why it wont able to reach the FLR (Federal Level Radius server )server and it gives me a radius authentication failed error.

I know there are many customers using ClearPass for eduroam (or govroam, or publicroam which are similar mechanisms). For RADIUS proxy, I would not rely too much on policy simulation. Do you see in Access Tracker the correct service matched? Do you see the same with an actual request through a wireless SSID eduroam?

Did you register/authorized your ClearPass with the public IP (or NAT) with your federation partner/national eduroam? If the source IP or shared secret doesn't match, the FLR may just drop your incoming requests.

Access Tracker may provide more information (Alert tab, show logs). Also, you could run a packet capture on ClearPass (via Server Manager, Collect Logs) or an upstream device to see if there is a RADIUS packet going out (and maybe coming back).

Your authentication seems that the RADIUS service does not respond, which may be service classification, RADIUS shared secrets, firewall, routing, etc.

Working with your Aruba partner or Aruba TAC may be useful as well, to step by step find where in the process the issue may be and from there troubleshoot more specifically. Eduroam proxy is quite common and should just work if you 'follow the rules' (in ClearPass, routing, firewalls, with your national provider).

Hello Everyone, 

I just want to ask if anyone of you already setup a Eduroam with Clearpass ? it seems that there is no valid documentation for clearpass integration . I just read the documentation from Giant https://archive.geant.org/projects/gn3/geant/services/cbp/Documents/cbp-79_guide_to_configuring_eduroam_using_the_aruba_wireless_controller_and_clearpass.pdf but it seems not updated. if anyone already implement it and you have a step by step guide , may I ask for your guidance. as of now im having trouble in communicating between the FLR server still figuring out why it wont able to reach the FLR (Federal Level Radius server )server and it gives me a radius authentication failed error.