Wired Intelligent Edge

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Check that both ClearPass and the swith are using NTP.

Faced multiple times that kind of issues and it was because of the time difference.

------------------------------
Gaston Gabas
------------------------------

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Thanks for responding. Yes both devices are on the same NTP server and I checked that their time is in sync.
Original Message:
Sent: Feb 27, 2021 08:20 PM
From: Gaston Gabas
Subject: ClearPass/2930F will not bounce port

Check that both ClearPass and the swith are using NTP.

Faced multiple times that kind of issues and it was because of the time difference.

------------------------------
Gaston Gabas

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen
------------------------------

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen
------------------------------

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

These are the options that I get. Do I need to so anything to enable HPE?


Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Hi again, iv had the problem, and my fix was under the configuration - network - device, there you can enable Radius coa and what port



------------------------------
Morten Johannsen
------------------------------

Original Message:
Sent: Mar 01, 2021 02:04 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

These are the options that I get. Do I need to so anything to enable HPE?

Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Hi.

Yes I originally had it set to Hewlett-Packard-Enterprise but it still only gave me Aruba Switch port bounce, nothing for HPE.
Original Message:
Sent: Mar 01, 2021 02:08 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hi again, iv had the problem, and my fix was under the configuration - network - device, there you can enable Radius coa and what port



------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 02:04 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

These are the options that I get. Do I need to so anything to enable HPE?

Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Can you, from Access Tracker, do a Change Status and you should be able to select CoA and have the ArubaOS Switching actions:

If you see different actions here, the Vendor is not set to Hewlett Packard Enterprise in the Network Device definition, and also the options you see here are the only ones you can (should) select in the profiler action tab.

Also, if there is a failure you can see the failure reason when manually triggering the CoA. First make sure that manual CoA is successful, only after that try the automatic response in Profiling.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Mar 01, 2021 06:00 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi.

Yes I originally had it set to Hewlett-Packard-Enterprise but it still only gave me Aruba Switch port bounce, nothing for HPE.
Original Message:
Sent: Mar 01, 2021 02:08 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hi again, iv had the problem, and my fix was under the configuration - network - device, there you can enable Radius coa and what port



------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 02:04 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

These are the options that I get. Do I need to so anything to enable HPE?

Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Hi.

Sorry for the slow reply. I think I have the switch and profile tab set correctly but I can't do a CoA from the Change Status page.

If I go to Change Status from Access Tracker, I only see the following:


The Network Device Vendor Name is set to Hewlett-Packard-Enterprise:


Original Message:
Sent: Mar 03, 2021 05:58 AM
From: Herman Robers
Subject: ClearPass/2930F will not bounce port

Can you, from Access Tracker, do a Change Status and you should be able to select CoA and have the ArubaOS Switching actions:

If you see different actions here, the Vendor is not set to Hewlett Packard Enterprise in the Network Device definition, and also the options you see here are the only ones you can (should) select in the profiler action tab.

Also, if there is a failure you can see the failure reason when manually triggering the CoA. First make sure that manual CoA is successful, only after that try the automatic response in Profiling.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Mar 01, 2021 06:00 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi.

Yes I originally had it set to Hewlett-Packard-Enterprise but it still only gave me Aruba Switch port bounce, nothing for HPE.
Original Message:
Sent: Mar 01, 2021 02:08 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hi again, iv had the problem, and my fix was under the configuration - network - device, there you can enable Radius coa and what port



------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 02:04 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

These are the options that I get. Do I need to so anything to enable HPE?

Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?

Ok, in that first screenshot of change status you should be able to see the RADIUS CoA option first.

Have you enabled accounting in your switch? That may be required and you should see the 'Accounting' tab in Access Tracker.
If you have accounting enabled, and see the Accounting tab in Access Tracker and still don't see RADIUS CoA as an option, can you check if Insight is enabled from the Server Configuration, and enable it if it isn't? I don't think Insight is a requirement, but it's one of the first things I turn on for additional visibility/reporting.

It may be a good point to reach out to Aruba TAC Support if you still can't make it work, we must be missing something very basic.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Mar 22, 2021 12:11 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi.

Sorry for the slow reply. I think I have the switch and profile tab set correctly but I can't do a CoA from the Change Status page.

If I go to Change Status from Access Tracker, I only see the following:

The Network Device Vendor Name is set to Hewlett-Packard-Enterprise:

The RADIUS CoA Action on the Profiler tab is set as follows:

Thanks.

Original Message:
Sent: Mar 03, 2021 05:58 AM
From: Herman Robers
Subject: ClearPass/2930F will not bounce port

Can you, from Access Tracker, do a Change Status and you should be able to select CoA and have the ArubaOS Switching actions:

If you see different actions here, the Vendor is not set to Hewlett Packard Enterprise in the Network Device definition, and also the options you see here are the only ones you can (should) select in the profiler action tab.

Also, if there is a failure you can see the failure reason when manually triggering the CoA. First make sure that manual CoA is successful, only after that try the automatic response in Profiling.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Mar 01, 2021 06:00 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi.

Yes I originally had it set to Hewlett-Packard-Enterprise but it still only gave me Aruba Switch port bounce, nothing for HPE.
Original Message:
Sent: Mar 01, 2021 02:08 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hi again, iv had the problem, and my fix was under the configuration - network - device, there you can enable Radius coa and what port



------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 02:04 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

These are the options that I get. Do I need to so anything to enable HPE?

Original Message:
Sent: Mar 01, 2021 01:52 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Hewlett-Packard-Enterprise is a vendor

------------------------------
Morten Johannsen

Original Message:
Sent: Mar 01, 2021 01:47 AM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

HPE isn't an option in my version of clearpass.
Original Message:
Sent: Mar 01, 2021 01:36 AM
From: Morten Johannsen
Subject: ClearPass/2930F will not bounce port

Check if the device you are trying to bounce is the right vendor in clearpass, remember the aruba switch is hpe vendor, think the aruba vendor is for access points

------------------------------
Morten Johannsen

Original Message:
Sent: Feb 23, 2021 08:34 PM
From: Matthew Collins
Subject: ClearPass/2930F will not bounce port

Hi

I am trying to test MAC Auth for wired devices. ClearPass should profile the device and then bounce the port. What I am finding, is that ClearPass is correctly profiling the device and adding it to Endpoint but doesn't bounce the port. If I manually bounce the port on the switch, the device is applied the correct role on the switch.

The following is a summary of the configuration:
- Both ClearPass and the switch are running the same NTP server
- The switch is running WC.16.10.0005 and ClearPass is 6.9.0.130064
- The switch's vendor name in ClearPass is Aruba
- The profiler has [ArubaOS Switching - Bounce Switch Port] set
- The switch has dyn-authorization and time-window 0 set

Is there anything else I should be checking?