AAA, NAC, Guest Access & BYOD

 View Only
last person joined: 3 days ago 

Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, IntroSpect

Why ClearPass is not initiating change of authorization(CoA) for rejected radius request client?

By esupport Unpublished

  
Q:

 

  • Why ClearPass is not initiating a CoA request to disconnect the client post rejecting the client's Radius request by responding with access-reject response?


A:

 

  • ClearPass uses internal cache "Battery" DB to store the client Radius request data & using data stored in "Battery" DB, CoA will be initiated
  • Starting from the 6.6.2 version, ClearPass stopped storing the data of rejected Radius requests (Access-Reject) in "Battery" DB
  • Due to this design change, CoA will not be triggered for the client if its Radius request is rejected by ClearPass for any reason
  • In case if we need the CoA for any guest/device registration workflow for the new clients then we need to make sure the initial MAC-Auth should be a success by using "Allow All MAC Auth" authentication method. With Access-Accept, we could redirect the new clients to the portal page if necessary using the enforcement profile for registration purposes.
0 comments
29 views