
Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

  • 1.  Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

    Posted Mar 25, 2014 11:55 PM

    Hi Aruba,

    We encountered an issue in which a computer that is a domain PC and is using a valid domain AD ID is being dropped due to "PRE Event Handling". Is there any related case for this?

    This is the output of "show authentication session interface G2/0/1 policy":

    Model: 3750X

    IOS: 15.2(1)E1

     


    SWITCH-3750X-ES01#sho authentication sessions interface g2/0/1 policy
                Interface:  GigabitEthernet2/0/1
              MAC Address:  xxxx.xxxx.xxxx
             IPv6 Address:  Unknown
             IPv4 Address:  Unknown
                User-Name:  DOMAIN\valid_id
                   Status:  Unauthorized
                   Domain:  DATA
           Oper host mode:  multi-auth
         Oper control dir:  in
          Session timeout:  N/A
        Common Session ID:  0ABE01D1000002C54E806445
          Acct Session ID:  Unknown
                   Handle:  0x7200029D
           Current Policy:  POLICY_Gi2/0/1
               Blocked On:  PRE Event Handling - apply dummy user profile (2)

    Local Policies:
            Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
          Security Policy:  Should Secure
          Security Status:  Link Unsecure

    Server Policies:
           Linksec Policy:  NONE

    Resultant Policies:
          Security Policy:  Should Secure
          Security Status:  Link Unsecure

    Method status list:
           Method           State
           dot1x            Authc Success

    Thank you.
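
The output above shows the mismatch worth alerting on: the method list reports `dot1x  Authc Success` while the session `Status` is `Unauthorized` with a `Blocked On` reason. The following is an added example, not part of the original post, that parses this output format and flags such sessions; the function names are hypothetical and the sample text is constructed from the field labels shown in the post.

```python
import re

# Constructed sample that mirrors the field layout in the post (placeholder values).
SAMPLE = """\
            Interface:  GigabitEthernet2/0/1
          MAC Address:  0000.0000.0001
            User-Name:  DOMAIN\\valid_id
               Status:  Unauthorized
       Current Policy:  POLICY_Gi2/0/1
           Blocked On:  PRE Event Handling - apply dummy user profile (2)

Method status list:
       Method           State
       dot1x            Authc Success
"""

FIELD = re.compile(r"^\s*([A-Za-z][\w /-]*?):\s+(\S.*?)\s*$")   # "Key:  value"
METHOD = re.compile(r"^\s*(\S+)\s{2,}(\S.*?)\s*$")              # "method   state"

def parse_session(text):
    """Parse one session block into {'fields': {...}, 'methods': {...}}."""
    fields, methods, in_methods = {}, {}, False
    for line in text.splitlines():
        if line.strip().lower().startswith("method status list"):
            in_methods = True
            continue
        m = (METHOD if in_methods else FIELD).match(line)
        if not m:
            continue
        if in_methods:
            if m.group(1) != "Method":          # skip the column header row
                methods[m.group(1)] = m.group(2)
        else:
            # Keep the first occurrence; later sections repeat some labels.
            fields.setdefault(m.group(1), m.group(2))
    return {"fields": fields, "methods": methods}

def stuck_after_auth(session):
    """True when a method reports success but the session is not Authorized."""
    ok = any(s.lower() == "authc success" for s in session["methods"].values())
    return ok and session["fields"].get("Status", "").lower() != "authorized"

def summarize(session):
    """One-line summary suitable for a log or ticket."""
    f = session["fields"]
    return "{} user={} status={} blocked_on={}".format(
        f.get("Interface", "?"), f.get("User-Name", "?"),
        f.get("Status", "?"), f.get("Blocked On", "none"))

if __name__ == "__main__":
    s = parse_session(SAMPLE)
    if stuck_after_auth(s):
        print("STUCK:", summarize(s))
```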



  • 2.  RE: Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

    EMPLOYEE
    Posted Mar 26, 2014 12:21 AM

    What errors or responses are you seeing in CPPM when the client connects?



  • 3.  RE: Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

    Posted Mar 26, 2014 12:42 AM

    Hi Tarnold,

     

    Thanks for your reply.

     

    From the Access Tracker, the user is being accepted, but I noticed that the CoA keeps triggering even though the endpoint is already profiled (see attached CoA screenshot). We encounter this issue only on the Cisco switch 3750X, IOS version 15.2(1)E1. So far it has only happened twice. We temporarily set the port to "authentication open" to allow the user.

    From the switch, we don't see the MAC address of the device in the CAM table, but the authentication session is still there on the port.

     

    Thanks.



  • 4.  RE: Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

    EMPLOYEE
    Posted Mar 26, 2014 12:51 AM

    If you are not having any issues with other IOS versions, then I would start by troubleshooting the switch. If the same service works fine on other IOS versions, then there must have been a change in that version.

     

    Are you having the same issue with the same switch with a different IOS?

     

    At the same time you should also open a TAC case so they can also double check your service. 



  • 5.  RE: Cisco switch :"PRE Event Handling - apply dummy user profile (2)"

    Posted Mar 26, 2014 09:00 PM

    We have a lot of 3750X models which are using older IOS below 15.2(1)E1. The behavior is that the MAC address is being dropped when enabling 802.1x. I have tried the mac-move, clearing the authentication session, and CoA from the CPPM; it still doesn't work.

     

    Will open a TAC case. Thanks