Security

Reply
Frequent Contributor II

profiling with coa doesnt work

Hi all,
I have an issue with profiling using coa. My coa works fine, it can disconnect users after allowing the user to do a dhcp process. But i have an issue where in my endpoint, the user endpoint category wont get updated. It's like the option55 doesnt get forwarded to the clearpass or my clearpass cannot read it.
I tried to sniff the dhcp process and i can confirm thr option55 is there in the request.
All happens in same subnet so firewall should not be an issue.
I need an idea what i have to check. Kinda stuck here. Thanks in advance.
Ricky E. Lee
CWNA | ACMP | ACCP
Frequent Contributor II

Re: profiling with coa doesnt work

One more thing, the access switch is the dhcp server, both wlc and switch already has helper address to clearpass.
Ricky E. Lee
CWNA | ACMP | ACCP

Re: profiling with coa doesnt work

Look at this from the perspective of not profiling. Don't bring in CoA to this yet as an issue or part of it. Is anything profiling in ClearPass? 

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Guru Elite

Re: profiling with coa doesnt work

Many switches will not relay if the the server is in the same subnet.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: profiling with coa doesnt work

Hi Seth, let say it doesnt. What do i check?

Hi Tim. I use 2960. It works in my lab and i only restore everything to my customer poc environment. The different is just the 2960 the dhcp server now.
Ricky E. Lee
CWNA | ACMP | ACCP
Frequent Contributor II

Re: profiling with coa doesnt work

found the workaround.

seems like i cannot run the access switch that forwarding ip helper as dhcp server.

when i remove dhcp server config from the switch and put it on other devices, profiling works just fine. probably just a bug on switch side. i am using 15.2(2)E7

Ricky E. Lee
CWNA | ACMP | ACCP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: