
ClearPass log for Reauth

  • 1.  ClearPass log for Reauth

    Posted Dec 16, 2020 11:41 PM

    Hi,

    I have two questions :)

    1. Is there a log on ClearPass that shows when it sends RADIUS Terminate Session or Bounce Port messages?
    2. Also, is there a standard Reauth period enforced by ClearPass on MAC Auth sessions?

    The use case is MAC Auth on Aruba CX switch. AAA Port Access MAC Auth on the switch ports is configured to not while the Client is still connected. I want to see if ClearPass is periodically ending the Auth session?

    Thanks in advance

    Col



    ------------------------------
    colan haisell
    ------------------------------


  • 2.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 02:09 AM

    Yes, but it's not currently exposed for direct real-time access; it can be accessed as part of 'collect-logs' and then reviewed offline. There is an enhancement request to expose this data under syslog in a later release, TBD.



    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 3.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 04:39 PM

    Thanks Danny. What is the name of the particular log file?



    ------------------------------
    colan haisell
    ------------------------------



  • 4.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 04:54 PM

    cmdctrl.log



    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 5.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 09:45 PM

    Thanks Danny. Looking through that file now.



    ------------------------------
    colan haisell
    ------------------------------



  • 6.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 10:04 AM

    The standard reauth interval is typically a setting on the switch. Most switches access the IETF:Session-Timeout attribute with a number in seconds for the re-auth interval; for some switches you will need to configure whether the RADIUS-supplied timeout is honored.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
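To check from a packet capture whether the RADIUS server is actually handing the switch a timeout, the Access-Accept can be decoded directly. This is an added example, not part of the original thread or any Aruba tooling: it reads Session-Timeout (27) and Termination-Action (29) as defined in RFC 2865, and the sample packet is constructed inline with a zeroed authenticator.

```python
import struct

# Code and attribute numbers from RFC 2865
ACCESS_ACCEPT, SESSION_TIMEOUT, TERMINATION_ACTION = 2, 27, 29
RADIUS_REQUEST = 1  # Termination-Action value that asks the NAS to re-authenticate


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def reauth_summary(packet: bytes) -> dict:
    """Report the timeout an Access-Accept carries and whether it means reauth."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")

    def u32(a_type):
        values = attrs.get(a_type)
        if not values:
            return None
        if len(values[0]) != 4:
            raise ValueError("attribute %d is not a 32-bit integer" % a_type)
        return struct.unpack("!I", values[0])[0]

    timeout, action = u32(SESSION_TIMEOUT), u32(TERMINATION_ACTION)
    # Without Termination-Action=RADIUS-Request the session ends at the timeout.
    return {"session_timeout": timeout,
            "reauth_at_timeout": timeout is not None and action == RADIUS_REQUEST}


def build_sample(timeout=None, action=None) -> bytes:
    """Constructed Access-Accept for demonstration (authenticator is all zeros)."""
    body = b"".join(struct.pack("!BBI", t, 6, v) for t, v in
                    ((SESSION_TIMEOUT, timeout), (TERMINATION_ACTION, action)) if v is not None)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```

A result with `session_timeout` set to `None` means the accept carries no timeout, so any periodic reauth would have to come from the switch's own configuration.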



  • 7.  RE: ClearPass log for Reauth

    Posted Dec 17, 2020 04:44 PM

    Thanks Herman. By default on ArubaOS CX 6300 [firmware 10.05.0021] the dot1x and mac-auth authenticator REAUTH is disabled.



    ------------------------------
    colan haisell
    ------------------------------



  • 8.  RE: ClearPass log for Reauth

    Posted Dec 18, 2020 03:24 AM

    You can add the reauthentication interval in the enforcement profile when you use Downloadable User Roles.

    AOS-CX DUR



    ------------------------------
    Erik Eckhardt
    ------------------------------