Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass API to Change Status

This thread has been viewed 5 times

  • 1.  Clearpass API to Change Status

    Posted May 06, 2016 09:10 AM

    I'm looking for the correct API syntax to change device status in Clearpass. Users who complete the process of transitioning from a captive role to an authorized role for access are not being reauthorized and as a result I'd like to force that reauthorization with a Change Status: [Aruba Terminate Session] to force a role refresh.

     

    The API documention speaks about Change Status but it appears to be separate from the functionality I need. Thank you!



  • 2.  RE: Clearpass API to Change Status

    EMPLOYEE
    Posted May 06, 2016 09:26 AM
    In API Explorer, take a look at Identity > Endpoint which will give all the
    attributes for an endpoint including the status.


  • 3.  RE: Clearpass API to Change Status

    Posted May 06, 2016 09:31 AM

    Thank you for the quick response, Tim.

     

    I looked at the endpoint status attribute, but that appears to be restricted to Known, Unknown and Disabled. Would changing this attribute value cause the endsystem to reauthenticate against Radius? Would I need to make the API call to the controller instead?



  • 4.  RE: Clearpass API to Change Status

    EMPLOYEE
    Posted May 06, 2016 09:35 AM

    My apologies, my answer was the opposite of what you asked. Misread.

     

    Try using Danny's solution here:

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-COA-disconnect-using-API/td-p/257285

     



  • 5.  RE: Clearpass API to Change Status

    Posted May 06, 2016 09:42 AM

    No worries - this looks very promising, I'll give it a shot. Thanks again!!