SD-WAN

Hey Everyone,

I know I am probably missing something small on this.  We are working on setting up a new SD-Branch environment, and one of the big things that we have is delivering Vlans/Roles from our CPPM to devices.   I seem to be having some issues with the 9000 devices initiating a radius session with the CPPM on plug in.  Switch wise you of course set this up per port, but it seems you do this per vlan on the gateway.  I have done this, but I am still not seeing any trafffic actually going to the clearpass. 

I have servers and server groups set up

I have a custom AAA policy set up

I am using the default MAC auth L2

I have the AA policy applied to all vlans.

Any help would be greatly appreciated

are the VLAN set to untrusted?

Hey Everyone,

I know I am probably missing something small on this.  We are working on setting up a new SD-Branch environment, and one of the big things that we have is delivering Vlans/Roles from our CPPM to devices.   I seem to be having some issues with the 9000 devices initiating a radius session with the CPPM on plug in.  Switch wise you of course set this up per port, but it seems you do this per vlan on the gateway.  I have done this, but I am still not seeing any trafffic actually going to the clearpass. 

I have servers and server groups set up

I have a custom AAA policy set up

I am using the default MAC auth L2

I have the AA policy applied to all vlans.

Any help would be greatly appreciated

The port is trusted and the Vlan has the AAA policy attached to it.  

We have our own auth setup, but I just moved it to default that we set up the same settings to anonomyze

are the VLAN set to untrusted?

Hey Everyone,

I know I am probably missing something small on this.  We are working on setting up a new SD-Branch environment, and one of the big things that we have is delivering Vlans/Roles from our CPPM to devices.   I seem to be having some issues with the 9000 devices initiating a radius session with the CPPM on plug in.  Switch wise you of course set this up per port, but it seems you do this per vlan on the gateway.  I have done this, but I am still not seeing any trafffic actually going to the clearpass. 

I have servers and server groups set up

I have a custom AAA policy set up

I am using the default MAC auth L2

I have the AA policy applied to all vlans.

Any help would be greatly appreciated

if the vlans are trusted, then there will not go through any form of authentication.

The port is trusted and the Vlan has the AAA policy attached to it.  

We have our own auth setup, but I just moved it to default that we set up the same settings to anonomyze

are the VLAN set to untrusted?

Hey Everyone,

I know I am probably missing something small on this.  We are working on setting up a new SD-Branch environment, and one of the big things that we have is delivering Vlans/Roles from our CPPM to devices.   I seem to be having some issues with the 9000 devices initiating a radius session with the CPPM on plug in.  Switch wise you of course set this up per port, but it seems you do this per vlan on the gateway.  I have done this, but I am still not seeing any trafffic actually going to the clearpass. 

I have servers and server groups set up

I have a custom AAA policy set up

I am using the default MAC auth L2

I have the AA policy applied to all vlans.

Any help would be greatly appreciated