Security

Reply
Contributor I
Posts: 20
Registered: ‎04-03-2007

How do you send a COA from within a Clearpass guest mac_edit device form?

I have a TAC case open for this but it's been a bit slow to get anywhere with it. So I'm trying here.

 

We are using Clearpass to allow guests to register their own devices on our network (Airgroup). The device creation works just fine, but when someone goes to edit the access list for that device after the fact, things start to break down.

 

So as the Subject says... how do you get Clearpass Guest Mac_Edit to send a COA to the controller? We can do it manually with a Access Tracker -> Change Status or via the controller command line with a "aaa user delete mac $mac_address" but that is no real solution. We need the form to send the COA so that the changes take affect.

 

Currently without manual intervention (i.e. and Admin manaually sending the COA) the device has to stay unplugged from the controller/network for 16 minutes and 40 seconds before the changes are reflected on the controllers. Where is the setting for the device timeout? I can't find anything on the controllers that match this timing.

 

Can a COA be sent from the Clearpass Guest form?

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: How do you send a COA from within a Clearpass guest mac_edit device form?

Try adding the change_of_authorization field to your form.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor I
Posts: 20
Registered: ‎04-03-2007

Re: How do you send a COA from within a Clearpass guest mac_edit device form?

[ Edited ]

Already in the form and does not work. A packet capture even shows that the COA is not sent. (That is the first thing we tried.)

 

Someone from TAC also tried adding a "mac_auth" to the form in hopes it would send a COA. It also does not send it.

Search Airheads
Showing results for 
Search instead for 
Did you mean: