Security

 View Only
  • 1.  Clearpass CoA with ArubaOS switch

    Posted Jun 18, 2019 12:52 PM

    I want to change user role of a ArubaOS-Switch client with Clearpass CoA, however I can't get it work.

     

    using CP RADIUS Dyn Authorization Template: ArubaOs Switching-Change User Role, but
    manual trigger response via Monitoring-> Access Tracker-> Change Status -> RADIUS CoA is:
    "Radius CoA_user-role failed for client 001f29b6769c. Missing-Attribute."

    CoA.pngCoA-template.png

    using RADIUS Dyn Authorization Template: ArubaOs Switching-Change VLAN doesn't work:
    "Insufficient parameters received"

    CoA_vlan.png

     

    I am a bit confused here, are there necessary attributes that are not in clearpass template?


    MAC-Auth is working, User-Role profile "role-any" is configured locally on Aruba-2540 YC.16.06.0010 and ClearPass is on version 6.8.

     

    Any kind of help is appreciated.

     



  • 2.  RE: Clearpass CoA with ArubaOS switch
    Best Answer

    Posted Jun 18, 2019 01:14 PM
    Did you add the device in ClearPass using hewlett packard enterprise as the vendor?

    Did you configure ClearPass to do dynamic authorization in the switch ?
    http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s04.html#s_Configuring_the_switch_to_access_a_RADIUS_server

    Also make sure that the time on the switch and ClearPass is the same



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile