So i'm using a 802.1x SSID in combination with OnGuard. However, I can't seem to get the wireless users to change roles or re-run the authentication (without disconnecting (as in bouncing) them with the agent).
I've already gone through the usual stuff about this type of configuration:
Wired works perfectly but can work with bounce client (which is not really useful for wireless clients as they won't reconnect. I've tried CoA terminate sessions, A CoA coupled with a user-role but nothing seems to be working. Role always stays the same.
Can someone help?
What IP addresses do you have defined under the AAA Profile / RFC Servers?
Are you including the VIP for ClearPass ?
If you try to execute a CoA directly from Access Tracker using the change status
Both AAA profiles and RFC servers are configured for VIP, node 1 and node 2. IP addresses are the ones you see under RFC servers in one of the screenshots (FYI: same subnet as controllers).
CoA from the access tracker fails: either get a timeout or when I go to the record in access tracker, under tab Radius CoA, I see: Radius CoA failed for client mac-address.
At first the VIP wasn't added under RFC servers. Added it because the CoA was not working. To no avail.
Seem to have found it.
On the controller, one of the clearpass addresses had some different mac address settings as the others.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.