Occasional Contributor II
Posts: 15
Registered: ‎08-30-2016

Clearpass Policy for reauthentication period per user on AOS Switch

Hi,

Is it possible to send a different reauthentication period for wired 802.1X authentications to an AOS 16.01 (2530) switch via a ClearPass policy?

I want to change the reauthentication timer for specific user groups and policies in ClearPass to a different timer than the one predefined on the switch in the AAA config.

So is it possible to send the reauthentication period via a ClearPass policy to the switch? Thanks a lot.

Guru Elite
Posts: 8,761
Registered: ‎09-08-2010

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

Yes, you can use the standard IETF Session-Timeout AVP.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 15
Registered: ‎08-30-2016

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

Do I have to change the AAA config on the switch to accept the reauth timer?

Thanks

Guru Elite
Posts: 21,512
Registered: ‎03-29-2007

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

In the AAA profile you need to enable the reauthentication parameter, and then enable the "Use server-provided reauthentication interval" option.

 

http://www.arubanetworks.com/techdocs/ArubaOS_73_Web_Help/Default.htm#mas_guides/802.1x/Configuring_802_1x_Authe.htm?Highlight=reauthentication



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎08-30-2016

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

Hi, I can't find the server-provided reauthentication interval. I've got an Aruba 2530 switch with software version 16.01.

Thanks

Guru Elite
Posts: 21,512
Registered: ‎03-29-2007

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

I apologize. The RADIUS Session-Timeout attribute should be sufficient for the AOS switch...



Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 15
Registered: ‎08-30-2016

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

Hi, I've done some testing and configured a rule with a 120 seconds session timeout for the test, but the timeout that ClearPass is sending to the switch isn't working. I've attached a screenshot of the ClearPass enforcement policy and the timeout information on the switch.

Occasional Contributor II
Posts: 15
Registered: ‎08-30-2016

Re: Clearpass Policy for reauthentication timer per user on AOS Switch

Here's the switch configuration:

hostname "HP-2530-8G"
radius-server host 10.40.200.100 key "Install1!"
radius-server host 10.40.200.100 dyn-authorization
radius-server host 10.40.200.100 time-window 0
radius-server host 10.40.200.99 key "Install1!"
radius-server host 10.40.200.99 dyn-authorization
radius-server host 10.40.200.99 time-window 0
ip default-gateway 10.40.200.254
snmp-server community "public" unrestricted
aaa accounting update periodic 3
aaa accounting network start-stop radius
aaa authentication port-access eap-radius
aaa port-access authenticator 7-8
aaa port-access authenticator 7 client-limit 4
aaa port-access authenticator 8 client-limit 4
aaa port-access authenticator active
aaa port-access mac-based 7-8
aaa port-access mac-based 7 addr-limit 4
aaa port-access mac-based 8 addr-limit 4
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-10
   no ip address
   exit
vlan 200
   name "Mgmt"
   tagged 1
   ip address 10.40.200.200 255.255.255.0
   exit
