Occasional Contributor I

CoA quarantine profile for X time

Hi,

I've a SIEM which sends a trigger when a virus is detected. The SIEM makes an API call to ClearPass to reauthorize the session.

reauthorize_session(sess, bearer, "CoA-Aruba-Role-Quarantined")

Now I need to define a CoA profile which terminates and quarantines the device for X time.

What profile do I need?

Guru Elite

Re: CoA profile for X time

That would ultimately require you to send another CoA to change the user role back.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CoA profile for X time

Can I use the "Aruba-Change-User-Role" for that? And which role do I have to give it? Can you explain some more how to do that?

Guru Elite

Re: CoA profile for X time

Yes, you’d do the exact same thing you did for the first call. The role would be whatever you want to assign.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CoA profile for X time

When I try to change the role, it says:

Session-Context-Not-Found


Guru Elite

Re: CoA profile for X time

Are you using the most recent authentication event?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CoA profile for X time

Yes, it's a test set-up, so only one host is connected to ClearPass and IAP,

but action 2 says invalid request.


Guru Elite

Re: CoA profile for X time

Does that role exist?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: CoA profile for X time

Yes.

Guru Elite

Re: CoA profile for X time

That’s a ClearPass role. Does the role exist on the IAP/controller?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
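
The point made in the replies above, that a timed quarantine needs a second CoA to put the role back, sketched as an added example that is not part of the thread or Aruba's code. `send_coa` stands in for the poster's `reauthorize_session(sess, bearer, profile)` call, and `CoA-Aruba-Role-Restore` is a hypothetical name for a second enforcement profile that assigns the normal role.

```python
import heapq
import time

QUARANTINE_PROFILE = "CoA-Aruba-Role-Quarantined"  # profile name used in the thread
RESTORE_PROFILE = "CoA-Aruba-Role-Restore"         # hypothetical profile that sets the normal role


class TimedQuarantine:
    """Send the quarantine CoA now and the restoring CoA once the hold expires."""

    def __init__(self, send_coa, clock=time.monotonic):
        self.send_coa = send_coa   # assumed callable(session_id, profile) -> bool
        self.clock = clock
        self.release_at = {}       # session_id -> current release deadline
        self.queue = []            # min-heap of (deadline, session_id)

    def quarantine(self, session_id, hold_seconds):
        """Quarantine a session; a repeat alert extends the hold, never shortens it."""
        already_held = session_id in self.release_at
        if not already_held and not self.send_coa(session_id, QUARANTINE_PROFILE):
            return False           # CoA rejected, nothing to schedule
        deadline = max(self.clock() + hold_seconds, self.release_at.get(session_id, 0))
        self.release_at[session_id] = deadline
        heapq.heappush(self.queue, (deadline, session_id))
        return True

    def release_due(self, retry_seconds=60):
        """Send the restoring CoA for every expired hold; return the sessions released."""
        released, now = [], self.clock()
        while self.queue and self.queue[0][0] <= now:
            deadline, session_id = heapq.heappop(self.queue)
            if self.release_at.get(session_id) != deadline:
                continue           # stale entry, superseded by an extended hold
            if self.send_coa(session_id, RESTORE_PROFILE):
                del self.release_at[session_id]
                released.append(session_id)
            else:                  # restore failed: stay quarantined, retry later
                self.release_at[session_id] = now + retry_seconds
                heapq.heappush(self.queue, (now + retry_seconds, session_id))
        return released
```

Call `quarantine()` from the SIEM trigger and `release_due()` from a periodic job; a restore that is rejected leaves the device in the quarantine role until a later retry succeeds.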