Security

Reply
New Contributor

Issue - COA enforcement profile never send to NAS

I focus a strange problem when i use  a [ArubaOS Switching - Terminate Session] enforcement profile, the radius response is vissible in accesstracker but never sends by clearpass to de NAS device. The radius response packets are not vissible in Wireshark and never sends to the NAS.

 

I Solved the problem by making a clone of the [ArubaOS Wireless - Terminate Session] template and change the attributes to be equal to the  [ArubaOS Switching - Terminate Session] template. 

 

It seems like i bug to me in Clearpass 6.7.2.105008.

The switch a 2920 with fw16.04 isnt the problem here, the problem is clearpass never sends de radius response that access tracker showns.

 

One thing i notice is that when i do a manualy COA in a accepted radius request in accesstracker only the wireless COA enforcement profiles are visible here.

 

Are other people seen the same issue here? Or do i missed something?

See also attechment with some screenshots of the issue in my test enviornment ;)

 

 

 

 

 

 

Guru Elite

Re: Issue - COA enforcement profile never send to NAS

1) A terminate session is a Disconnecf Message not a CoA
2) is your switch defined as Hewlett-Packard-Enterprise in Network Devices?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Issue - COA enforcement profile never send to NAS

Hi Tim,

 

Thanks for your explenation. Actually disconnect request use coa port 3799 UDP, so thats why i called it COA. when i look in the show radius dyn-authorization, your right, its a disconnect message.

 

My Switch is in the vendor name group "aruba", so its a aruba 2920 switch. Actually it seem go like wrong here, if i change it to HPE switches then is looks beter.  :) so there you right to ;)

 

only dont see a different in de enforcement profiles what hists that choice. 

 

 

Guru Elite

Re: Issue - COA enforcement profile never send to NAS

Make sure you follow the ClearPass Solution Guide for Wired Policy Enforcement.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: