Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass 6.11.5 CoA from Publisher

This thread has been viewed 11 times
  • 1.  Clearpass 6.11.5 CoA from Publisher

    Posted Nov 19, 2023 08:55 PM

    Hi,

    I'm running a Clearpass cluster (6.11.5) with 3 multi-site nodes.

    2530 / 2540 /2930f switches and IAP clusters. It's working.

    I have a question for wired access:
    From Access Tracker, is it normal that I can't bounce on a switch port that hasn't been authenticated by the cluster member I'm connected to on the web interface?
    I get the message "No response from network device". With tcpdump, I don't see any traffic on port 3799 from the server.

    To make it work, i have to connect to the cluster member (publisher or subscriber) who authenticated the device. 

    Port 3799 is open and works for all sites. I've tested CoA by modifying the configuration of a switch to put one clearpass server at a time.

    I thought you could do this from the publisher. But I may have a configuration problem.

    Thank you

    Nicolas



  • 2.  RE: Clearpass 6.11.5 CoA from Publisher

    MVP EXPERT
    Posted Nov 20, 2023 03:10 AM
    I never have to move to a specific cluster member to push a CoA, do it all from the publisher.
    Our publisher doesn’t do any authentication, this is done by the subscribers but I just push the CoA via the publisher
    A




  • 3.  RE: Clearpass 6.11.5 CoA from Publisher

    Posted Nov 21, 2023 11:18 AM

    Hi 

    I my 6.9.13 cluster with 6300M AOS CX no matter on which sub I am to bounce a port.

    I hope this behaviour will be the same after my upgrade

    HTH

    Sebastien




  • 4.  RE: Clearpass 6.11.5 CoA from Publisher

    EMPLOYEE
    Posted Dec 05, 2023 03:55 AM

    Did you configure zones? Reason for asking is that lookup of the session information for CoA may only work on ClearPass nodes that are in the same zone.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------