Security

 View Only
last person joined: 3 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aruba CX Switch not receiving the Role

This thread has been viewed 34 times
  • 1.  Aruba CX Switch not receiving the Role

    Posted Nov 16, 2023 08:41 AM

    Aruba CX Switch 6100 - version PL.10.10.1070

    Clearpass version 6.11.1.2513.04 (Cloud)

    Hello Everyone we are testing Clearpass for future implementation (POC with Trial Version)

    At the moment I was able to authenticate the user, Enforce the profile (with user role) to send to the Switch but i am facing a problem. On the switch side the port is not enforced with the correct Role

    I created the LUR-CX-CAMERA on the Enforcement Profile

    From Access tracker I am able to confirm the profile is correctly matching the device

    On the switch side I have the role created with the same name

    But the switch is assigning the default RADIUS_0 role

    Any idea about the issue? How can I troubleshoot this?

    Regards

    Tony



  • 2.  RE: Aruba CX Switch not receiving the Role

    EMPLOYEE
    Posted Nov 16, 2023 06:32 PM

    see if these commands can shed more light.

     "show event -r" and "sh port-access clients det"



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Aruba CX Switch not receiving the Role

    Posted Nov 16, 2023 06:59 PM

    Hello ariyap, thank you for the reply

    Form the show event -r i cannot see any log from radius

    With the sh port-access clients det i can see the default role




  • 4.  RE: Aruba CX Switch not receiving the Role

    EMPLOYEE
    Posted Nov 16, 2023 07:56 PM

    just reconnect the camera and then see the output of show event -r



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 5.  RE: Aruba CX Switch not receiving the Role

    Posted Nov 17, 2023 03:32 AM

    Hello ariyap

    I tried again. no logs from radius

    All i have 




  • 6.  RE: Aruba CX Switch not receiving the Role

    EMPLOYEE
    Posted Nov 17, 2023 05:08 PM

    see if you can upgrade to 10.10.1090 firmware.

    there was a resolved case where Clients are not updated with the latest role



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 7.  RE: Aruba CX Switch not receiving the Role

    Posted Nov 23, 2023 09:05 AM

    Hello 

    Which debug commands can I use to see the information received from clearpass?




  • 8.  RE: Aruba CX Switch not receiving the Role

    EMPLOYEE
    Posted Nov 23, 2023 05:08 PM

    try this debug command

    debug portaccess all



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 9.  RE: Aruba CX Switch not receiving the Role

    Posted Nov 23, 2023 06:21 PM

    I have found the issue.

    The service was activated with "monitor mode" ignoring any enforcement rules. My bad 

    Thanks for the support :)