Security

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.

Thanks,

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

Do you have accounting enabled on your switch?

Do you have Insight & Log interrim accounting packets enabled on ClearPass?

If not, do so and try again. If RADIUS Dynamic Authorization is greyed out in Access Tracker, most likely there is no active session known.

Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.

Thanks,

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

Do you have accounting enabled on your switch?

Do you have Insight & Log interrim accounting packets enabled on ClearPass?

If not, do so and try again. If RADIUS Dynamic Authorization is greyed out in Access Tracker, most likely there is no active session known.

Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.

Thanks,

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

Hello Herman, thanks a lot.
One Clearpass member was be with acct disabled, after enabled acct the Radius COA of profile inside service works.

But when I will to do COA manually via change status RADIUS Dyn-Autho continue greyed out.

Any idea?

Do you have accounting enabled on your switch?

Do you have Insight & Log interrim accounting packets enabled on ClearPass?

If not, do so and try again. If RADIUS Dynamic Authorization is greyed out in Access Tracker, most likely there is no active session known.

Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.

Thanks,

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.

CoA is only available as an option for an (the most recent) active session. So if an automatic CoA has been sent, which triggered a new authentication, only the active session (with accounting data coming in) will have the option to do CoA. Sometimes when you are testing and have many entries in Access Tracker, it may be hard to see which is the last/active session. In general if an automatic CoA works (via Profiling tab), it should also work from Access Tracker (Change Status).

Hello Herman, thanks a lot.
One Clearpass member was be with acct disabled, after enabled acct the Radius COA of profile inside service works.

But when I will to do COA manually via change status RADIUS Dyn-Autho continue greyed out.

Any idea?

Do you have accounting enabled on your switch?

Do you have Insight & Log interrim accounting packets enabled on ClearPass?

If not, do so and try again. If RADIUS Dynamic Authorization is greyed out in Access Tracker, most likely there is no active session known.

Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.

Thanks,

sure so what is the enforcement profile that you use? is it this? if not try using it.

I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:

Tks,

are you referencing a CoA type of enforcement profile? if so please paste the screen shot.

When I will to do COA via access tracker I can't do.

Radiu Dyn is grayed out as image below:

Thnaks,

i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received. 

I update the switch to newest version and the behavior it's same.

In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP,  You know if CPPM need to receveid some special attribute ?

Thanks,

I will to check if has other firmware version.

I let you know.

i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.

Hello guys,

I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.

The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.

The firmware that using is 6.7.1.21.

Any ideias?

Thank you.