Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Wired-health-check in NAC

  • 1.  Wired-health-check in NAC

    Posted Nov 14, 2016 09:50 AM

    Hello

     

    My company network is working in a NAC system. We have different VLANs configured in our network.

     

    We have made a wired-check-policy as under:

      1- check the user name in AD; if it's OK then send it to the guest network and go further

      2- check the health of the system; if it's healthy then go further, otherwise guest network

      3- if the system is healthy, then again verify the user name and MAC address in our database, then join this system to our internal network.

     

    Result: the policy works perfectly with all systems.

     

    Problem: I got a problem on one system. This system is used by two different users.

     

    user 1: 8:00 to 12:00

    user 2: 12:00 to 5:00

     

    When user 1 logs in to the system, NAC sends him to the guest network.

    When user 2 logs in to the system, NAC sends him to the internal network.

     

    I thought maybe the problem was with the user account. Then I tried logging in with user 1 on a different system. NAC sent him to the internal network. That means it's not a problem with the user account.

     

    I have also checked the system time. It's also correct.

     

    Error: the ClearPass OnGuard service can't enable with user 1, but with user 2 it enables automatically.

     

    Kindly, can anyone tell me what I should check?

     

    Thanks 

     

    Tariq

  • 2.  RE: Wired-health-check in NAC

    Posted Nov 14, 2016 10:15 AM

     

    What does the access tracker say? 

     

    Also what is occurring in step 3 and if this step fails does the user just get guest access?

     

    "3- if the system is healthy, then again verify the user name and MAC address in our database, then join this system to our internal network."

     

    Can you post the enforcement policy for this step?



  • 3.  RE: Wired-health-check in NAC

    Posted Nov 15, 2016 02:41 AM

    Hello

     

    Thank you for your reply.

     

    I have attached a docx file. In this file you can find the service and access tracker status.

     

    Regards

    Attachment: Services NAC.docx (542 KB)


  • 4.  RE: Wired-health-check in NAC
    Best Answer

    Posted Nov 15, 2016 04:34 AM

    OK, so it's just a single computer that's failing to health check prior to authentication.

     

    Firstly I'd recommend reinstalling the OnGuard client on that machine.

     

    If the issue continues I'd recommend logging it with TAC. They're the best people to analyse the OnGuard logs for you.



  • 5.  RE: Wired-health-check in NAC

    Posted Nov 22, 2016 08:01 AM

    Hello Dear

     

    Thank you for your reply.

     

    I just uninstalled ClearPass OnGuard and reinstalled it, and the problem was resolved.

     

    Now I can see this user in the specific network.

     

    Thanks and regards

     

    Tariq