Security

Hello,

I have mac authentication service and it works fine.  

Now I would like to force the user / device to be re-authenticated. Does clearpass have this functionality or something similar?

service that parses logs, set the attribute to the user / device and based on the given attribute, I want to assign it to the specific subnet.

Unfortunately, I have switches without coa support.

For a wired client where a VLAN change is occuring, you need to use a CoA bounce port. If you just need to force a reauthentication, you can use a Disconnect Message or a CoA Reauthenticate Session.

Can you explain how to use Disconnect Message?

Not sure what you mean. ClearPass issues a Disconnect Request based on a enforcement policy rule like any other enforcement. You use the Terminate Session enforcement profiles in ClearPass.

I do not know how to enforce re-authentication. My switch does not support coa. 

In that case, I have to create a new Enforcement Profiles (snmp type),  using the reser connection attribute?

Can you please provide details about your switch(es)? Things like vendor, model, code version, etc.

HPE 1920-8G-PoE+ Switch JG922A

Today I connected procurve 5406zl to clearpass. When I wanted to change the status for the user using coa in Access Tracker.

After executing the bounce switch port option, it receives a message about the following error:

That's "ArubaOS Wireless". You need to use the one for "ArubaOS Switching".

The best part is that I can not choose others. I copied the wireless profile and edited in the same way as ArubaOS Switching.

Below is an error when selecting a new profile.