Security

Reply
New Contributor
Posts: 1
Registered: ‎12-08-2016

Cleapass CoA to Enterasys switch (B5)

Hi,

 

I've been working through configuring Clearpass to Auth our Extreme (formerly Enterasys) B5 switches.  I have jsut about everything working except for CoA.  Does anyone know how to innitiate a CoA to one of those switches?

 

Thanks

 

--B

Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Cleapass CoA to Enterasys switch (B5)

Same here - if I have the MIB to send a CoA to an Enterasys switch, how can I incorporate that into clearpass?

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cleapass CoA to Enterasys switch (B5)

MIBs are not used with RADIUS.

Did you try using the IETF COA template?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Cleapass CoA to Enterasys switch (B5)

Perhaps I didn't phrase my question correctly - I'm trying to force reauthentication of a port on an Enterasys switch via Clearpass. I looked breifly at the IETF COA template but didn't have any luck in implementing it. I've found some MIBs that would allow setting a reauthentication on a switch port, but I'm not sure how I can call that from Clearpass.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cleapass CoA to Enterasys switch (B5)

MIBs are used for SNMP based enforcement. Are you trying to use OnConnect?

What happened when you used the standard IETF template?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Cleapass CoA to Enterasys switch (B5)

We're actually making progress with the IETF Radius CoA to the Enterasys switch. It now seems to be a matter of correctly configuring the Enterasys switch to allow Clearpass as an RFC 3576 server so it will accept the CoA.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cleapass CoA to Enterasys switch (B5)

Yes you need to configure ClearPass as a dynamic authorization client.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Cleapass CoA to Enterasys switch (B5)

It appears at first glance our switches (Enterasys B5) do not support RFC 3576 (based on a run-through of the supported specs for the switch). I'm thinking now my only option is the SNMP route. I've found a MIB I think will do the trick, but making that SNMP call from Clearpass is where I'm stuck.

Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Cleapass CoA to Enterasys switch (B5)

I'm trying to add an SNMP Based Enforcement Profile but I don't see any option to specificy a specific SNMP MIB to perform a reauthentication on the switch. The only options I seem to have are VLANID and session options, which I'm not sure the switch is going to do anything with.

Search Airheads
Showing results for 
Search instead for 
Did you mean: