Meru wireless controller bug

11/24/2017

Hi,

I ran into a bug today with an wireless controller of Meru. The customer had an wireless network with 802.1x authentication with reauthentication.

Within the access tracker i saw a lot of rejects from this controller.


Radius:IETF:Called-Station-Id    %mac%
Radius:IETF:Calling-Station-Id    %mac%
Radius:IETF:Connect-Info    CONNECT Unknown Radio
Radius:IETF:Framed-MTU    1250
Radius:IETF:NAS-IP-Address    %IP% from meru controller
Radius:IETF:NAS-Port    0
Radius:IETF:NAS-Port-Type    19
Radius:IETF:Service-Type    1
Radius:IETF:User-Name    %mac same as Calling station ID%


After a while i figured out that in the security profile both " MAC Auth Primary RADIUS Profile Name " and " MAC Auth Secondary RADIUS Profile Name " where filled in.

"MAC Filtering" was configured as off, so if i wanted to change this i needed to put is on and change it to no radius and set it back to off. The Meru controller did nothing with this change.

Trough the cli i tried it also with the following commands under the security profile:

no mac-filter-radius-server primary

no mac-filter-radius-server secondary

But when you exit you receive the following error:

Error:Acl Environment state and MAC Primary and Secondary Radius Profile valid only if mac filtering is on

So i created a new security profile and set it to the ESS of the network with the issue and the problem of the rejects disappeared.

PS: After applying the new security profile every client needs the re-authenticate. 


Categories: Clearpass

Leave Comment