What is in your Enforcement profile?
What is the Vendor Type in the Network Device configuration?
The message indicates these are incompatible. If you use a Nortel VSA, the Network Device should be set to Nortel. Also, the RADIUS Dictionary should be Enabled.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 16, 2021 07:03 AM
From: Neil Bishop
Subject: Nortel Passport Policy not working on CPPM
Here are some of the screenshots from the Access Tracker.... The last one that says 'No Enforcement Profiles are applicable for this Device' Is the message I can't understand because my devices are set up to require the profiles so why is it saying not applicable!!
------------------------------
Neil
Original Message:
Sent: Jul 16, 2021 05:09 AM
From: Neil Bishop
Subject: Nortel Passport Policy not working on CPPM
I've checked the 'Monitor Mode' and it is disabled. Please see these screenshots to show how my policy is set up.
------------------------------
Neil
Original Message:
Sent: Jul 15, 2021 12:35 PM
From: Danny Jump
Subject: Nortel Passport Policy not working on CPPM
Neil,
in the service-policy have you accidentally enabled 'Monitor Mode'.... this effectively disables enforcement and forces CPPM to send a RADIUS Access-Accept?
------------------------------
Danny Jump
"Passionate about CPPM"
Original Message:
Sent: Jul 15, 2021 03:35 AM
From: Neil Bishop
Subject: Nortel Passport Policy not working on CPPM
In your rules evaluation are you set to First applicable or All matches? First applicable
In AT in the Output tab is their a RADIUS Response listed? I will need to get back to you on this as I don't have access to my CPPM today.
In AT in the Output tab what enforcement profiles are listed? None, which i think is my problem because my Passports cant see what attribute values to give the user.
Have you set the default profile to an ACCEPT Profile? No my default is set to Deny Access.
Are you doing any role-mapping before enforcement? Yes, I have 4 User access levels so I have to use role-mapping. e.g. Local User Repository: Role_Name EQUALS Read_Only. The role-mapping is set to first applicable as well.
I am back in my office tomorrow so might be able to get some screenshots as well if needed.
cheers
------------------------------
Neil
Original Message:
Sent: Jul 14, 2021 05:06 PM
From: Danny Jump
Subject: Nortel Passport Policy not working on CPPM
Not sure where to start, there is a lot to check/review....
So you see the authN from the client/device hitting CPPM in Access-Tracker {AT}, and then CPPM is returning an RADIUS-Accept, so,
In your rules evaluation are you set to First applicable or All matches?
In AT in the Output tab is their a RADIUS Response listed?
In AT in the Output tab what enforcement profiles are listed?
Have you set the default profile to an ACCEPT Profile?
Are you doing any role-mapping before enforcement?
------------------------------
Danny Jump
"Passionate about CPPM"
Original Message:
Sent: Jul 14, 2021 11:06 AM
From: Neil Bishop
Subject: Nortel Passport Policy not working on CPPM
Hi,
I am currently testing ClearPass policy manager. I am trying to get a RADIUS policy working for Access control to my Nortel Passports, I have 4 different user priviledge levels and have set up the policy as i think it should be.
I had to first export the pre installed 'Nortel' Dictionary because it didnt contain the 'Allowed Values' i needed for the Attributes i use. The dictionary attributes are then used in my ClearPass 'Enforcement Profiles and Policy', Which i have then added to the Main Services Policy.
However the Enforcement policy is being ignored when i try to login to one of my Nortel Passports. IF i go to the Live monitoring Access Tracker it shows my Login status as 'ACCEPT' but the passport obviously isnt letting me in still as it cant see the enforcement policy/profile to let me in with! How do i resolve this issue?
I have tried multiple different options to try and force it to look at the Enforcement policy but nothing appears to be working.
Regards
Neil
------------------------------
Neil Bishop
------------------------------