
HP ProCurve switch losing CoA ability

Been doing some ClearPass work on a NAC setup with HP switches (26xx and 23xx series). The technote has been very helpful.

In the end I did end up with the issue the technote describes*. When doing both MAC and dot1x, then at some point you can't do CoA anymore. ClearPass seems to believe the switch can't do CoA, so it greys out the option. If I just do MAC or dot1x it works fine.

As the technote is already some months old and I'm sure there is some heavy HP switch / Aruba CPPM work being done, has anyone found a full solution for this? The mentioned workaround is limited. Someone perhaps already has a bug ID or such, with a timeline on a solution?

*)

First, we sometimes lose the capability to send a CoA; CPPM no longer believes the NAD is capable, so the CoA option is not available in the Access Tracker entry. We narrowed this down to the fact that HP sends an 802.1x request and a MAB request at the same time, and it appears that this confuses CPPM if we send an ACCEPT to both. It should be noted that on initial auth there is no issue, but if we send a CoA, we see an 802.1x and a MAB request come in, and that is where the problem occurs.
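One way to confirm the condition the technote describes is to look for a MAB ACCEPT and an 802.1x ACCEPT for the same endpoint and switch port within a few seconds of each other. The following is an added example, not part of the original post or the technote; the record layout, field order and sample events are constructed for illustration and are not a ClearPass export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, MAC, NAS name, NAS port, method, result).
# The field layout is an assumption; map your own RADIUS accounting/auth export to it.
SAMPLE_EVENTS = [
    ("2015-03-02T10:00:00", "00:11:22:33:44:55", "sw1", "12", "dot1x", "ACCEPT"),  # initial auth
    ("2015-03-02T10:05:00", "00:AA:BB:CC:DD:EE", "sw1", "7", "mab", "ACCEPT"),     # MAB-only port
    ("2015-03-02T10:10:00", "00:de:ad:be:ef:01", "sw1", "9", "dot1x", "REJECT"),
    ("2015-03-02T10:10:01", "00:de:ad:be:ef:01", "sw1", "9", "mab", "ACCEPT"),     # normal fallback
    ("2015-03-02T10:30:00", "00:11:22:33:44:55", "sw1", "12", "dot1x", "ACCEPT"),  # re-auth after CoA
    ("2015-03-02T10:30:01", "00:11:22:33:44:55", "sw1", "12", "mab", "ACCEPT"),    # parallel MAB
]


def find_overlapping_accepts(events, window_seconds=5):
    """Return (mac, nas, port, first_ts, second_ts) for every pair of ACCEPTs
    on the same MAC/NAS/port that used different methods within the window."""
    by_endpoint = defaultdict(list)
    for ts, mac, nas, port, method, result in events:
        if result != "ACCEPT":
            continue  # a rejected dot1x followed by MAB is ordinary fallback
        key = (mac.lower(), nas, port)
        by_endpoint[key].append((datetime.fromisoformat(ts), method))

    window = timedelta(seconds=window_seconds)
    hits = []
    for key, accepts in by_endpoint.items():
        accepts.sort()
        # Compare each ACCEPT with the next one in time for the same endpoint.
        for (t1, m1), (t2, m2) in zip(accepts, accepts[1:]):
            if m1 != m2 and t2 - t1 <= window:
                hits.append((*key, t1.isoformat(), t2.isoformat()))
    return hits


if __name__ == "__main__":
    for mac, nas, port, first, second in find_overlapping_accepts(SAMPLE_EVENTS):
        print(f"{nas} port {port} {mac}: ACCEPT for both methods at {first} and {second}")
```

Ports that show up here are the ones to check in Access Tracker for a missing CoA option.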