Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Brocade ICX 7150 COA Profile

  • 1.  Brocade ICX 7150 COA Profile

    Posted Jul 20, 2021 12:24 PM
    Hello everyone,

    First-time poster here. I am having a hard time finding the right attributes to build a CoA profile for an ICX 7150. This is what I have now.


    SSH@ICX7150-24p-B426#show ver
    Copyright (c) Ruckus Networks, Inc. All rights reserved.
    UNIT 1: compiled on Sep 22 2019 at 23:54:26 labeled as SPS08090d
    (28660224 bytes) from Primary SPS08090d.bin (UFI)
    SW: Version 08.0.90dT211
    Compressed Primary Boot Code size = 786944, Version:10.1.15T225 (mnz10115)
    Compiled on Thu Jan 31 02:08:55 2019

    HW: Stackable ICX7150-24-POE

    I also have what I think is the way to turn on CoA on the switch side:

    aaa authentication web-server default radius local enable
    aaa authentication dot1x default radius
    aaa authentication login default radius local enable
    aaa authentication login privilege-mode
    aaa authorization coa enable
    aaa accounting commands 0 default start-stop radius
    aaa accounting exec default start-stop radius
    aaa accounting system default start-stop radius


    radius-client coa host 10.6.0.8 key 2 XXXX
    radius-client coa host 10.6.0.9 key 2 XXXX
    radius-server host 10.6.0.8 auth-port 1812 acct-port 1813 default key 2 XXXX dot1x mac-auth web-auth
    radius-server host 10.6.0.9 auth-port 1812 acct-port 1813 default key 2 XXXX dot1x mac-auth web-auth

    Any help would be appreciated.

    Thanks

    ------------------------------
    Jorge Suarez
    ------------------------------


  • 2.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 01:51 AM
    Hi Jorge.

    Did you enable Ruckus Radius dictionary in ClearPass?

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 3.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 07:50 AM
    Hello,

    Yes, I have both Brocade and Ruckus enabled.



    ------------------------------
    Jorge Suarez
    ------------------------------



  • 4.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 02:02 AM
    You can find required CoA parameters here 

    foundry-coa-command    10    string

    Specifies to perform CoA command dynamically on the port or host after the device or user is authenticated.

    disable-port - Disables the specified port.

    reauth-host - Re-authenticate the host specified by MAC address.

    flip-port - Brings the port up and down with some delay between the toggle.

    modify-acl - Replace the specified ACL with the session's existing ACL. Modify-ACL is supported with the Filter-Id (11) attribute. The IP ACL specified through the Filter-Id attribute replaces the session's existing ACL configuration.


    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------
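
Added example (not part of the original thread, and not Ruckus or ClearPass code): how the foundry-coa-command value quoted in the post above sits inside an RFC 5176 CoA-Request, with a parser that verifies the Request Authenticator before trusting the command. The vendor ID 1991, the use of Calling-Station-Id to name the host, the MAC format, the shared secret and all function names are assumptions or constructed values.

```python
import hashlib
import hmac
import struct

FOUNDRY_VENDOR_ID = 1991   # assumption: Foundry's IANA enterprise number, not stated in the thread
FOUNDRY_COA_COMMAND = 10   # attribute number quoted in the post above
COA_REQUEST, CALLING_STATION_ID, VENDOR_SPECIFIC = 43, 31, 26  # RFC 5176 / RFC 2865 codes
COMMANDS = {"disable-port", "reauth-host", "flip-port", "modify-acl"}

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_coa_request(ident, secret, mac, command):
    """Build a CoA-Request carrying foundry-coa-command as a vendor-specific attribute."""
    if command not in COMMANDS:
        raise ValueError(f"unsupported CoA command: {command}")
    vsa = struct.pack("!I", FOUNDRY_VENDOR_ID) + attr(FOUNDRY_COA_COMMAND, command.encode())
    attrs = attr(CALLING_STATION_ID, mac.encode()) + attr(VENDOR_SPECIFIC, vsa)
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    # RFC 5176: authenticator = MD5(code + id + length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def parse_coa_request(packet, secret):
    """Verify the Request Authenticator, then return (mac, command) from the packet."""
    if len(packet) < 20 or packet[0] != COA_REQUEST or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    length = len(packet)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch: wrong shared secret or altered packet")
    mac = command = None
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + a_len]
        if a_type == CALLING_STATION_ID:
            mac = value.decode()
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, v_type, v_len = struct.unpack("!IBB", value[:6])
            if vendor == FOUNDRY_VENDOR_ID and v_type == FOUNDRY_COA_COMMAND:
                command = value[6:4 + v_len].decode()  # v_len counts its own 2-byte header
        pos += a_len
    return mac, command

SAMPLE = build_coa_request(1, b"constructed-secret", "00:00:5e:00:53:01", "reauth-host")  # constructed
```

The authenticator check is what ties a CoA-Request to the key configured on the `radius-client coa host` lines, so a packet built with a different secret is rejected before its command is read.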



  • 5.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 08:00 AM
    Sorry if I am asking basic questions, but does this enforcement look OK for CoA? I will be able to test later today and tomorrow.



    ------------------------------
    Jorge Suarez
    ------------------------------



  • 6.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 09:16 AM
    Hi Jorge.

    I never work with Ruckus and just found this info with a few minutes of Google searching. Try it and you will see the result.


    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 7.  RE: Brocade ICX 7150 COA Profile

    Posted Jul 21, 2021 09:26 AM

    Look in this thread for some additional information.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------