The manual termination session via access tracker-->change status did not work because this CPPM is in another zone (ZoneB) and I was trying to send the manual COA through the publisher which is in the default zone. when I log in to zoneB's CPPM I can manually send coa through the access tracker-->change status.
Things I didn't know, are learning.
Many thanks to everyone who took the time to help me with the case.
Original Message:
Sent: Jul 06, 2023 07:10 AM
From: Herman Robers
Subject: Switch Dell N2024 CoA
CoA is only available as an option for an (the most recent) active session. So if an automatic CoA has been sent, which triggered a new authentication, only the active session (with accounting data coming in) will have the option to do CoA. Sometimes when you are testing and have many entries in Access Tracker, it may be hard to see which is the last/active session. In general if an automatic CoA works (via Profiling tab), it should also work from Access Tracker (Change Status).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 05, 2023 03:01 PM
From: Rogasi
Subject: Switch Dell N2024 CoA
Hello Herman, thanks a lot.
One Clearpass member was be with acct disabled, after enabled acct the Radius COA of profile inside service works.
But when I will to do COA manually via change status RADIUS Dyn-Autho continue greyed out.
Any idea?
Original Message:
Sent: Jul 03, 2023 07:37 AM
From: Herman Robers
Subject: Switch Dell N2024 CoA
Do you have accounting enabled on your switch?
Do you have Insight & Log interrim accounting packets enabled on ClearPass?
If not, do so and try again. If RADIUS Dynamic Authorization is greyed out in Access Tracker, most likely there is no active session known.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jun 29, 2023 08:15 AM
From: Rogasi
Subject: Switch Dell N2024 CoA
Yes, I used this profile but doesn't work, so I tryed to use the other profile bur the behavior it's equal.
Thanks,
Original Message:
Sent: Jun 29, 2023 03:03 AM
From: ariyap
Subject: Switch Dell N2024 CoA
sure so what is the enforcement profile that you use? is it this? if not try using it.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jun 28, 2023 08:42 PM
From: Rogasi
Subject: Switch Dell N2024 CoA
I added this switch as IETF vendor and created coa profiles using IETf standard from templates below:
Tks,
Original Message:
Sent: Jun 28, 2023 07:43 PM
From: ariyap
Subject: Switch Dell N2024 CoA
are you referencing a CoA type of enforcement profile? if so please paste the screen shot.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jun 28, 2023 07:41 PM
From: Rogasi
Subject: Switch Dell N2024 CoA
When I will to do COA via access tracker I can't do.
Radiu Dyn is grayed out as image below:
Thnaks,
Original Message:
Sent: Jun 28, 2023 07:36 PM
From: ariyap
Subject: Switch Dell N2024 CoA
i suggest to do a pcap on the switch to see if the CoA packets that clearpass sends, are received.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jun 28, 2023 10:16 AM
From: Rogasi
Subject: Switch Dell N2024 CoA
I update the switch to newest version and the behavior it's same.
In packet capture I can see that switch send many attributes, User-Name, Calling-Station-Id, NAS-Port, NAS-IP, You know if CPPM need to receveid some special attribute ?
Thanks,
Original Message:
Sent: May 29, 2023 10:14 AM
From: Rogasi
Subject: Switch Dell N2024 CoA
I will to check if has other firmware version.
I let you know.
Original Message:
Sent: May 26, 2023 06:42 PM
From: ariyap
Subject: Switch Dell N2024 CoA
i think your clearpass configuration is fine. In the past i had lots of issues with Dell switches and most of them caused by the switch firmware.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: May 26, 2023 08:27 AM
From: Rogasi
Subject: Switch Dell N2024 CoA
Hello guys,
I have configured Dell switch N2024 with 802.1X, Authc, authz, accounting and dyn-author, in ClearPass side I add this switch as IETF device and create a profile named Dell CoA using IETF CoA default from system.
The authentication it's occurred perfectly, but when I will in change status via access tracker I unable send someone CoA actions, I remove configuration from switch e reinsert, but doesn't work.
The firmware that using is 6.7.1.21.
Any ideias?
Thank you.