Yes,
It is an AOS-CX switch. I have a rule in the FW from the switch mgmt IP (as source) to the CP (as destination) that allows any.
Do you think I need an additional rule from the CP as a source to the switch as a destination (with port 3799)?
Yes, I have Dynamic Authorization configured. Here are the configurations:
radius dyn-authorization enable
radius dyn-authorization client 192.168.10.90 secret-key ciphertext "AQBapV40"
radius dyn-authorization client 192.168.10.93 secret-key ciphertext "AQBapV40"
I do have RADIUS enabled. I have already succeeded in making the CP send the switch a user-role name in an enforcement profile.
------------------------------
Best regards,
Alon Haber
------------------------------
Original Message:
Sent: Jan 11, 2023 09:53 AM
From: ahollifield
Subject: CoA from CLEARPASS to the switch doesn't work
Is this an AOS-CX switch? Is UDP/3799 open from ClearPass to the switch? Do you have Dynamic Author configured on the switch?
SNMPv3 is not needed or used in this flow. Do you not have CoA or RADIUS enabled for the switch within ClearPass at all?
Original Message:
Sent: Jan 11, 2023 09:47 AM
From: Alon Haber
Subject: CoA from CLEARPASS to the switch doesn't work
Hi All,
I am trying to enforce a CoA of [AOS-CX - Bounce Switch Port] and get this status message in the Access Tracker:
Radius [AOS-CX - Bounce Switch Port] failed for client 705a0f46e6e8
Any suggestions on how I can fix it?
I have just configured snmpv3 on the switch and under "Devices" on CPPM for that switch.
------------------------------
Best regards,
Alon Haber
------------------------------