Security

Reply
Highlighted
Occasional Contributor I

Cleapass CoA to Enterasys switch (B5)

Hi,

 

I've been working through configuring Clearpass to Auth our Extreme (formerly Enterasys) B5 switches.  I have jsut about everything working except for CoA.  Does anyone know how to innitiate a CoA to one of those switches?

 

Thanks

 

--B


Accepted Solutions
Highlighted
Moderator

Re: Cleapass CoA to Enterasys switch (B5)

MIBs are used for SNMP based enforcement. Are you trying to use OnConnect?

What happened when you used the standard IETF template?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Contributor II

Re: Cleapass CoA to Enterasys switch (B5)

Same here - if I have the MIB to send a CoA to an Enterasys switch, how can I incorporate that into clearpass?

Highlighted
Moderator

Re: Cleapass CoA to Enterasys switch (B5)

MIBs are not used with RADIUS.

Did you try using the IETF COA template?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor II

Re: Cleapass CoA to Enterasys switch (B5)

Perhaps I didn't phrase my question correctly - I'm trying to force reauthentication of a port on an Enterasys switch via Clearpass. I looked breifly at the IETF COA template but didn't have any luck in implementing it. I've found some MIBs that would allow setting a reauthentication on a switch port, but I'm not sure how I can call that from Clearpass.

Highlighted
Moderator

Re: Cleapass CoA to Enterasys switch (B5)

MIBs are used for SNMP based enforcement. Are you trying to use OnConnect?

What happened when you used the standard IETF template?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor II

Re: Cleapass CoA to Enterasys switch (B5)

We're actually making progress with the IETF Radius CoA to the Enterasys switch. It now seems to be a matter of correctly configuring the Enterasys switch to allow Clearpass as an RFC 3576 server so it will accept the CoA.

Highlighted
Moderator

Re: Cleapass CoA to Enterasys switch (B5)

Yes you need to configure ClearPass as a dynamic authorization client.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor II

Re: Cleapass CoA to Enterasys switch (B5)

It appears at first glance our switches (Enterasys B5) do not support RFC 3576 (based on a run-through of the supported specs for the switch). I'm thinking now my only option is the SNMP route. I've found a MIB I think will do the trick, but making that SNMP call from Clearpass is where I'm stuck.

Highlighted
Contributor II

Re: Cleapass CoA to Enterasys switch (B5)

I'm trying to add an SNMP Based Enforcement Profile but I don't see any option to specificy a specific SNMP MIB to perform a reauthentication on the switch. The only options I seem to have are VLANID and session options, which I'm not sure the switch is going to do anything with.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: