
Clearpass Policy for reauthentication period per user on AOS Switch

  • 1.  Clearpass Policy for reauthentication period per user on AOS Switch

    Posted Apr 27, 2017 03:26 PM

    Hi,

    Is it possible to send a different reauthentication period for wired 802.1x authentications to an AOS 16.01 (2530) switch via ClearPass policy?

    I want to change the reauthentication timer for specific user groups and policies in ClearPass to a different timer than the one predefined on the switch in the AAA config.

    So is it possible to send the reauthentication period via ClearPass policy to the switch? Thanks a lot.



  • 2.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    EMPLOYEE
    Posted Apr 27, 2017 03:29 PM
    Yes, you can use the standard IETF Session-Timeout AVP.


  • 3.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    Posted Apr 27, 2017 03:32 PM

    Do I have to change the AAA config on the switch to accept the reauth timer?

    Thanks



  • 4.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    EMPLOYEE
    Posted Apr 27, 2017 05:35 PM

    In the AAA profile you need to enable the reauthentication parameter, and then enable the "Use server-provided reauthentication interval" option.

     

    http://www.arubanetworks.com/techdocs/ArubaOS_73_Web_Help/Default.htm#mas_guides/802.1x/Configuring_802_1x_Authe.htm?Highlight=reauthentication



  • 5.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    Posted Apr 28, 2017 02:33 AM

    Hi, I can't find the server-provided reauthentication interval. I've got an Aruba 2530 switch with software version 16.01.

    Thanks



  • 6.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    EMPLOYEE
    Posted Apr 28, 2017 05:09 AM

    I apologize. The RADIUS session timeout attribute should be sufficient for AOS switch...



  • 7.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    Posted May 03, 2017 05:10 PM

    Hi, I've done some testing and configured a rule with 120 seconds session timeout for the test, but the timeout that ClearPass is sending to the switch isn't working. I've attached a screenshot of the ClearPass enforcement policy and the timeout information on the switch.



  • 8.  RE: Clearpass Policy for reauthentication period per user on AOS Switch

    Posted May 03, 2017 05:12 PM

    Here's the switch configuration:

    hostname "HP-2530-8G"
    radius-server host 10.40.200.100 key "Install1!"
    radius-server host 10.40.200.100 dyn-authorization
    radius-server host 10.40.200.100 time-window 0
    radius-server host 10.40.200.99 key "Install1!"
    radius-server host 10.40.200.99 dyn-authorization
    radius-server host 10.40.200.99 time-window 0
    ip default-gateway 10.40.200.254
    snmp-server community "public" unrestricted
    aaa accounting update periodic 3
    aaa accounting network start-stop radius
    aaa authentication port-access eap-radius
    aaa port-access authenticator 7-8
    aaa port-access authenticator 7 client-limit 4
    aaa port-access authenticator 8 client-limit 4
    aaa port-access authenticator active
    aaa port-access mac-based 7-8
    aaa port-access mac-based 7 addr-limit 4
    aaa port-access mac-based 8 addr-limit 4
    vlan 1
       name "DEFAULT_VLAN"
       untagged 1-10
       no ip address
       exit
    vlan 200
       name "Mgmt"
       tagged 1
       ip address 10.40.200.200 255.255.255.0
       exit