10-11-2016 05:46 AM
I have a TAC case open for this but it's been a bit slow to get anywhere with it. So I'm trying here.
We are using Clearpass to allow guests to register their own devices on our network (Airgroup). The device creation works just fine, but when someone goes to edit the access list for that device after the fact, things start to break down.
So as the Subject says... how do you get Clearpass Guest Mac_Edit to send a COA to the controller? We can do it manually with a Access Tracker -> Change Status or via the controller command line with a "aaa user delete mac $mac_address" but that is no real solution. We need the form to send the COA so that the changes take affect.
Currently without manual intervention (i.e. and Admin manaually sending the COA) the device has to stay unplugged from the controller/network for 16 minutes and 40 seconds before the changes are reflected on the controllers. Where is the setting for the device timeout? I can't find anything on the controllers that match this timing.
Can a COA be sent from the Clearpass Guest form?
10-11-2016 05:59 AM
Try adding the change_of_authorization field to your form.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
10-11-2016 06:07 AM - edited 10-11-2016 06:07 AM
Already in the form and does not work. A packet capture even shows that the COA is not sent. (That is the first thing we tried.)
Someone from TAC also tried adding a "mac_auth" to the form in hopes it would send a COA. It also does not send it.