Security

Reply
Occasional Contributor II

Clearpass API to Change Status

I'm looking for the correct API syntax to change device status in Clearpass. Users who complete the process of transitioning from a captive role to an authorized role for access are not being reauthorized and as a result I'd like to force that reauthorization with a Change Status: [Aruba Terminate Session] to force a role refresh.

 

The API documention speaks about Change Status but it appears to be separate from the functionality I need. Thank you!

Guru Elite

Re: Clearpass API to Change Status

In API Explorer, take a look at Identity > Endpoint which will give all the
attributes for an endpoint including the status.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass API to Change Status

Thank you for the quick response, Tim.

 

I looked at the endpoint status attribute, but that appears to be restricted to Known, Unknown and Disabled. Would changing this attribute value cause the endsystem to reauthenticate against Radius? Would I need to make the API call to the controller instead?

Guru Elite

Re: Clearpass API to Change Status

My apologies, my answer was the opposite of what you asked. Misread.

 

Try using Danny's solution here:

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-COA-disconnect-using-API/td-p/257285

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass API to Change Status

No worries - this looks very promising, I'll give it a shot. Thanks again!!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: