ClearPass 6.4.4
ArubaOS 6.4.2.3
Issue: ClearPass Access Tracker > Change Status > RADIUS COA > [Aruba Terminate Session] ClearPass gives a successful Radius terminate session message, but the Client/Controller does not respond.
I have 2 services running on ClearPass to enable 802.1x with Aruba controller, with health checks. On service for 802.1x with an enforcement policy to include a posture rule/condition. I also have the webauth service for OnGuard.
Initial sign-on and authentication to the network works beautifully.
I have the OnGuard set to check if the client has a firewall enabled. If it fails the health check, it assigns a role to only access a webpage that the OnGuard can be downloaded or use the dissolvable app. Once the heath is checked, and a healthy client is verified, a second authorization is forced, and CleaPass correctly assigns a new role for full access.
Now I want make sure OnGurad can detect changes, auto remediate, etc.
I'm also just checking the functionality of Radius COA.
(Auto-remediate isn't working either, but I'm thinking the issue with a manual terminate is what I need to fix to help out with that issue.)
When forcing a terminate session via the access tracker/change status, I get a successful message but no behaviour is seen from the the client or Controller.
This is my first attempt to validate this for a POC, so I appreciate any help or obvious thing I'm overlooking.
I've tried opening up the Aruba firewall rules to allow-all on every role, just to make sure nothing is blocking or misconfigured. I have also tried disabling the firewall on my client and sending the terminate session. All behavior is the same as above.
Thanks,
Colin King