Security

 View Only
  • 1.  Clearpass Profiling not working with Aruba CX

    Posted Apr 15, 2024 05:20 AM

    Hi all

    We have an environment with Aruba OS and CX Switches.

    We noticed that Devices that connect to the CX Switches aren't getting Profiled by Clearpass.

    Profiling is configured with CoA (15 seconds delay).

    Did you have similar experience with it? Does someone has an solution for that?

    Thanks and regards



  • 2.  RE: Clearpass Profiling not working with Aruba CX

    Posted Apr 15, 2024 07:33 AM

    What did you configure on the CX switch to enable profiling? Do you have IP helpers to ClearPass in each VLAN? And can 'unknown' or clients that should not get access have at least do a DHCP, which then is forwarded to ClearPass for profiling? 



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass Profiling not working with Aruba CX

    Posted Apr 15, 2024 08:03 AM

    On the Switches we have the vlans and a separate profiling VLAN. 

    Clients will get placed in that vlan and there is also the IP helper that points to the cppm (this works if I manually place a device in that vlan).

    If the vlan gets assigned through the enforcement role (device - is profiled - no) with the CoA the profiling doesn't work. Also if the default role is changed to the profiling vlan new devices are not profiled and just stay there.




  • 4.  RE: Clearpass Profiling not working with Aruba CX

    Posted Apr 16, 2024 10:08 AM

    If you have a client assigned to your profiling VLAN, what is at that point the output of 'show port-access clients interface 1/1/3 detail' (if the client is in interface 1/1/3; change it to the actual interface)?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Clearpass Profiling not working with Aruba CX

    Posted Jun 05, 2024 08:38 AM

    Did you get an answer to this? I have the exact same issue. CPPM 6.11.5 and CX switches



    ------------------------------
    --------------------
    Stewart Smith
    ACMX, ACDX, ACCP, ACSA
    --------------------
    ------------------------------