Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass COA bounce-port missing attribute?

  • 1.  Clearpass COA bounce-port missing attribute?

    Posted Nov 30, 2021 01:04 PM
    Hi,

    CPPM is version 6.10.2.182283 with latest patch. I haven't installed the Clearpass 6.10.x Rollback RPM package, because that rolls it back to the previous version, but I think this is not even necessary even though it is available?

    AOS 2930F has been tested with earlier versions and is now running the latest WC.16.11.0002.

    Tried to find a fix for the missing attribute error with the new version of Clearpass and AOS-Switch.
    I'm trying to set up MAC-auth with an unauth VLAN and then bounce the port when profiled to the auth VLAN.

    > Device is profiled correctly to Printer, but the automatic bounce-port and manual change status > bounce port are failing


    > The second odd thing is why the type is "wireless" even though it is a "wired" bounce that I need. Is this just a terminology error inside CPPM?


    Application Name: Policy Manager
    RADIUS Dynamic Authorization Action Type: Disconnect
    RADIUS Dynamic Authorization Action Name: [ArubaOS Wireless - Bounce Switch Port]
    Status Code: 0
    Status Message: Radius [ArubaOS Wireless - Bounce Switch Port] failed for client f80.... Missing-Attribute.
    RADIUS Dynamic Authorization Attributes:
        Aruba-Port-Bounce-Host = 12
        Calling-Station-Id = f8-...

    In the 2930F switch I have used time-windows 0, but it doesn't help either.
    Both the switch and CPPM are using the same Windows DC NTP time and I have checked that there are no gaps.

    Anything else I could try to get this working?

    Thanks!

    ------------------------------
    Olli Henttonen
    ------------------------------


  • 2.  RE: Clearpass COA bounce-port missing attribute?

    Posted Dec 01, 2021 02:26 AM

    Hi Olli.

    Your device vendor setting is wrong. For an ArubaOS switch it needs to be Hewlett Packard Enterprise and not Aruba. Those are ProCurve and not original Aruba switches.

    Change the vendor setting in Configuration / Device for this switch.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 3.  RE: Clearpass COA bounce-port missing attribute?

    Posted Dec 01, 2021 05:52 AM
    Hi,

    There are no more HPE Switches available:


    In Access Tracker, under manually change status, these are the only choices:


    ------------------------------
    Olli Henttonen
    ------------------------------



  • 4.  RE: Clearpass COA bounce-port missing attribute?
    Best Answer

    Posted Dec 01, 2021 06:14 AM

    You need to change the definition in the NAC settings: ClearPass / Configuration / Device

    Best, Gorazd


    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 5.  RE: Clearpass COA bounce-port missing attribute?

    Posted Dec 01, 2021 08:44 AM
    Hi,

    Thanks, that was the trick. And then choose in service portbounce H3C Switch Port.

    Now I just have to figure out why my enforcement rules won't work, even though the device is profiled, but it is not moving to autenticated-based-oncategory-vlan..

    br, Ollie


  • 6.  RE: Clearpass COA bounce-port missing attribute?

    Posted Dec 01, 2021 08:54 AM
    Hi Olli.

    H3C is for Comware switches. You should use ArubaOS Switching - Bounce Switch Port for correct port bouncing on ArubaOS (ProCurve) switches.

    Best, Gorazd


    ------------------------------
    Gorazd Kikelj
    ------------------------------