Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

  • 1.  Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    Posted Oct 11, 2021 04:35 AM
    We are setting up dynamic VLANs with ClearPass and EX3400 switches, but we don't get CoA port bounce to work.

    Has anybody here successfully configured this?

    We see reauthentication but no port bounce, and the client does not send a new DHCP request.

    ------------------------------
    Jay R
    ------------------------------


  • 2.  RE: Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    MVP GURU
    Posted Oct 11, 2021 11:36 AM
    Have you tried terminate session?

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    Posted Oct 12, 2021 05:48 AM
    Yes, and we get a success, but it seems to do only a terminate session, no port bounce.


    Is there a CoA Port Bounce missing?

    ------------------------------
    Jay R
    ------------------------------



  • 4.  RE: Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    Posted Oct 12, 2021 03:51 AM

    Hi Jay,

    We do use it in our environment but on a different model of switches. There are a few steps that need to be followed in order to have this working:

    1. Port bounce was introduced only with the Junos 17.1 release. So, the Juniper dictionary on ClearPass needs to be updated to reflect the VSA that is used for port bounce.


    2. Please make sure the switches that you are using do indeed support port bounce.

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7896&fn=Port+bounce+with+CoA+requests+and+framed-IPv6-address+RADIUS+attribute+for+AAA

    I am not sure if this list is up to date. It is worth checking once with Juniper TAC whether EX3400 switches support port bounce.



    ------------------------------
    Nitesh Singla
    ------------------------------



  • 5.  RE: Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    Posted Oct 12, 2021 06:04 AM
    What switches do you actually use, and with which software release?

    On ClearPass 6.10, the VSA seems to be already there.


    ------------------------------
    Jay R
    ------------------------------



  • 6.  RE: Clearpass dynamic vlan with juniper EX Switch CoA Port Bounce

    Posted Oct 12, 2021 12:00 PM
    Please check if your switch model is listed in the list below. As per Juniper's website, these are the only switch models that support port bounce.

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7896&fn=Port+bounce+with+CoA+requests+and+framed-IPv6-address+RADIUS+attribute+for+AAA



    So, it is better to check once with Juniper support whether port bounce is supported on 3400s and somehow not listed in this article.

    ------------------------------
    Nitesh Singla
    ------------------------------