12-16-2015 12:11 PM
I've got a ClearPass client that is having issues with a couple of policies. Their goal is to limit the user on two fronts:
1. Throttle bandwidth determined on how long they've been connected (the longer they've been connected, the less bandwidth they have)
2. Throttle bandwidth determined on how much they've already consumed (the more they consume, the less bandwidth they have).
They've set up the policies and as far as I can tell they look ok, however I don't think the controller is actually getting the CoA RFC 3576 info correctly. They're experiencing two issues:
1. ClearPass doesn't actually register how long they've been authenticated until after they manually disconnect from the network, and then reconnect
2. Clients are not getting derivated to different roles based off of bandwidth consumption.
Does anyone want to take a stab at this? What should I look for?
Thanks in advance!
01-18-2016 02:19 PM - edited 01-18-2016 04:11 PM
Ah sorry boneyard, I didn't see this response until I logged in.
I don't have visibility into their system, but I can check to see if they're seeing accounting messages. How quickly do they refresh? I think I need to check and see if UDP 1813 is open statefully as well, since they might not be getting return auth from Radius.
I'll let you know what I find out.