Security

Reply
Occasional Contributor II
Posts: 25
Registered: ‎01-07-2015

User Role not changing after the enforcement on the endpoint

Hi,

 

I have configured the wireless service will checks the user health and assigns the role based on the posture status. Here I am able to find the posture status of the endpoint using clearpass onguard agent. The clearpass is enforcing the healthy role post the successful check and the role is getting updated on the controller as well, but the issue is the user laptop is not getting changed to the health role, until the disconnection and connecting back to the wireless, the moment I disconnect the laptop and connect back it gets the healthy role.

 

Please help me….

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: User Role not changing after the enforcement on the endpoint

Are you applying a role with a new vlan or just a firewall change
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 25
Registered: ‎01-07-2015

Re: User Role not changing after the enforcement on the endpoint

Hi,

 

Yes, I am sending a new role with new VLAN.

 

MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: User Role not changing after the enforcement on the endpoint

You need to make sure that you either add the CoA on the Health Service (If it is an Aruba controller or switch you need add Aruba terminate profile) or you can enable the Agent bounce if you are using the persistent agent.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 25
Registered: ‎01-07-2015

Re: User Role not changing after the enforcement on the endpoint

Hi,

I have configured terminate session on the ClearPass if the agent updates the endpoint status as healthy, but still it’s not happening, if the user disconnects and connects back he is able to get the healthy profile.

 

I am using a persistent onguard agent on the endpoint, If I need to configure bounce, please let me know how I can configure.

 

Regards,

PRASANTH.

MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: User Role not changing after the enforcement on the endpoint

[ Edited ]

Create an Agent Enforcement Profile and Enable to Bounce Client and then you need to add this to the Posture Policy 2015-08-14 15_19_35-ClearPass Policy Manager - Aruba Networks.png

  2015-08-14 15_23_12-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: