Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass CoA to Enterasys switch (B5)

  • 1.  Clearpass CoA to Enterasys switch (B5)

    Posted Dec 08, 2016 01:25 PM

    Hi,

    I've been working through configuring Clearpass to Auth our Extreme (formerly Enterasys) B5 switches.  I have just about everything working except for CoA.  Does anyone know how to initiate a CoA to one of those switches?

    Thanks

    --B



  • 2.  RE: Clearpass CoA to Enterasys switch (B5)

    Posted Jan 23, 2017 02:22 PM

    Same here - if I have the MIB to send a CoA to an Enterasys switch, how can I incorporate that into Clearpass?



  • 3.  RE: Clearpass CoA to Enterasys switch (B5)

    EMPLOYEE
    Posted Jan 23, 2017 02:32 PM
    MIBs are not used with RADIUS.

    Did you try using the IETF COA template?


  • 4.  RE: Clearpass CoA to Enterasys switch (B5)

    Posted Jan 23, 2017 02:36 PM

    Perhaps I didn't phrase my question correctly - I'm trying to force reauthentication of a port on an Enterasys switch via Clearpass. I looked briefly at the IETF COA template but didn't have any luck in implementing it. I've found some MIBs that would allow setting a reauthentication on a switch port, but I'm not sure how I can call that from Clearpass.



  • 5.  RE: Clearpass CoA to Enterasys switch (B5)
    Best Answer

    EMPLOYEE
    Posted Jan 23, 2017 02:46 PM
    MIBs are used for SNMP based enforcement. Are you trying to use OnConnect?

    What happened when you used the standard IETF template?


  • 6.  RE: Clearpass CoA to Enterasys switch (B5)

    Posted Jan 23, 2017 04:13 PM

    We're actually making progress with the IETF Radius CoA to the Enterasys switch. It now seems to be a matter of correctly configuring the Enterasys switch to allow Clearpass as an RFC 3576 server so it will accept the CoA.



  • 7.  RE: Clearpass CoA to Enterasys switch (B5)

    EMPLOYEE
    Posted Jan 23, 2017 04:15 PM
    Yes, you need to configure ClearPass as a dynamic authorization client.


  • 8.  RE: Clearpass CoA to Enterasys switch (B5)

    Posted Feb 01, 2017 12:45 PM

    It appears at first glance our switches (Enterasys B5) do not support RFC 3576 (based on a run-through of the supported specs for the switch). I'm thinking now my only option is the SNMP route. I've found a MIB I think will do the trick, but making that SNMP call from Clearpass is where I'm stuck.



  • 9.  RE: Clearpass CoA to Enterasys switch (B5)

    Posted Feb 14, 2017 08:38 AM

    I'm trying to add an SNMP Based Enforcement Profile but I don't see any option to specify a specific SNMP MIB to perform a reauthentication on the switch. The only options I seem to have are VLANID and session options, which I'm not sure the switch is going to do anything with.