Security

Reply
New Contributor

OnConnect Intermittent Issues

Hi All,

 

I am currently implementing OnConnect Enforcement in my lab environment and it's working relatively well. I am however having some intermittent issues with our NEC DT700 series VoIP phones. OnConnect successfully categorizes the phone and applies the correct role and enforcement profile, however when I look through the alerts tab in the access tracker I get the following:

 

SNMP Service: MAC address lookup failed for host=00-60-b9-8b-1a-98

Enforcement failed

 

As a result, no port change/reset is requested via SNMP to the switch. In this case, it is an Aruba 2920 running 16.06 firmware. ClearPass is on 6.7.0.

 

I can change the port and sometimes it will work successfully, without any further changes to configuration.

 

Any ideas? Many thanks.

 

Re: OnConnect Intermittent Issues

Did you follow the ClearPass Solution Guide: Wired Policy Enforcement?

 

It has a section on OnConnect for the ArubaOS switches. From your error, there might be an issue with the SNMP traps for new MAC addresses not coming into the switch.

 

Having said that, if you have ArubaOS switches, in 99.9% of all cases, it is better to deploy MAC authentication together with Profiler for headless devices. It has better features and works much faster as MAC Authentication is pro-active (before the device connects to the network), and OnConnect is reactive (respond to SNMP traps) which works but is not the recommended way if you can do MAC Authentication and/or 802.1X.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: