Security

Reply
Occasional Contributor II

Delete users when they're stuck in a role?

When a new device connects, we put them into a needs_profiling role that only allows DHCP so they can get profiled, then send a CoA.  This works for a lot of devices, but doesn't work for many others.  Because of this we often end up with devices that get stuck in the needs_profiling role.

 

Is there a way to detect when a device has been in a role for x minutes and then execute an action on that device?  We already have the CLI commands configured that we could trigger on these clients, I just can't work out the first part.

Guru Elite

Re: Delete users when they're stuck in a role?

It should always work. Are you seeing the disconnect request being issued on the ones that are stuck?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Delete users when they're stuck in a role?

I just checked one that's stuck right now, and although it shows the  [Aruba Terminate Session] enforcement profile, the actual radius output doesn't show the CoA.

Guru Elite

Re: Delete users when they're stuck in a role?

On the original RADIUS request, do you see a CoA tab?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Delete users when they're stuck in a role?

Actually no, all of the ones currently stuck are on the same controller and none show the CoA tab.  With that said, I've seen intermittent CoA success at some of our other sites too.  I'm off to figure out why this one controller isn't taking CoA requests.

Guru Elite

Re: Delete users when they're stuck in a role?

That's the best place to start. Please work with TAC. Your original ask is not possible.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: