Occasional Contributor II

Bounce port or disconnect request for authenticated user (MAC)

Hello,

I have a MAC authentication service and it works fine.

Now I would like to force the user / device to be re-authenticated. Does ClearPass have this functionality or something similar?

service that parses logs, set the attribute to the user / device and based on the given attribute, I want to assign it to the specific subnet.

Unfortunately, I have switches without CoA support.

Moderator

Re: Bounce port or disconnect request for authenticated user (MAC)

For a wired client where a VLAN change is occurring, you need to use a CoA bounce port. If you just need to force a reauthentication, you can use a Disconnect Message or a CoA Reauthenticate Session.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor II

Re: Bounce port or disconnect request for authenticated user (MAC)

Can you explain how to use Disconnect Message?

Moderator

Re: Bounce port or disconnect request for authenticated user (MAC)

Not sure what you mean. ClearPass issues a Disconnect Request based on an enforcement policy rule like any other enforcement. You use the Terminate Session enforcement profiles in ClearPass.


| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor II

Re: Bounce port or disconnect request for authenticated user (MAC)

I do not know how to enforce re-authentication. My switch does not support CoA.

In that case, do I have to create a new Enforcement Profile (SNMP type), using the reset connection attribute?

Moderator

Re: Bounce port or disconnect request for authenticated user (MAC)

Can you please provide details about your switch(es)? Things like vendor, model, code version, etc.


| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor II

Re: Bounce port or disconnect request for authenticated user (MAC)

HPE 1920-8G-PoE+ Switch JG922A

Occasional Contributor II

Re: Bounce port or disconnect request for authenticated user (MAC)

Today I connected a ProCurve 5406zl to ClearPass. I wanted to change the status for the user using CoA in Access Tracker.

After executing the bounce switch port option, I receive a message with the following error:

cppm.PNG

Moderator

Re: Bounce port or disconnect request for authenticated user (MAC)

That's "ArubaOS Wireless". You need to use the one for "ArubaOS Switching".


| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor II

Re: Bounce port or disconnect request for authenticated user (MAC)

The best part is that I cannot choose others. I copied the wireless profile and edited it in the same way as ArubaOS Switching.

cppm3.PNG

Below is an error when selecting a new profile.

cppm2.PNG
