We use 802.1X on our network for user authentication and assigning VLANs dynamically. Our edge switches (Brocade) and Aruba Controller are configured to use Aruba ClearPass to authenticate each user. ClearPass uses LDAP (freeIPA) to look up users. ClearPass is currently configured to pass user to IP mappings to the PA via the API. My problem is that I can't see all the users on the PA who authenticate successfully with ClearPass. I can see users authenticating in the ClearPass logs but when I check the firewall, I don't see that user's userid on the PA logs. It appears as if ClearPass is not updating the PA completely or the PA is not receiving/accepting all of the data. I am not sure if the problem is the ClearPass side or the PA side. Any ideas?
You can check your configuration and test the syslog receiver with the instructions here.
Steven, thanks for that information. I followed the documentation but I am not having luck getting the new server monitor to connect. It just shows "not connected". I've tried creating a new ClearPass configuration to output syslogs to the PAs management interface and several other things, but without success.
Also, it seems this would be alternative for ip to userid mappings than the approach I was taking with having ClearPass output everything it has to the PAs API. Is that correct?
Yes, this is a way to get user ip mappings via syslog directly.
Since this is not connected there is either a configuration issue on one side, or the traffic is not reaching the PA.
Do you have a way to run a span port on the PA side to confirm the syslog data is arriving?
Thanks for the help Steven. We are currently analyzing traffic to see if can gather more information. I'll post again when I have more details.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!