Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Endpoints show as offline

This thread has been viewed 2 times

  • 1.  Endpoints show as offline

    Posted Feb 07, 2019 11:49 AM

    Hi there,

     

    I have two Cisco 4500E that are configured in the exactly the same way.

    The switch config and clearpass device config are the same.

    Strange thing is that endpoints on one of the switches show as Online, but all the endpoints on the other switch show as Offline.
    I can see that both are sending Accounting information to Clearpass (End Timestamp = Still Active). I also enabled Interim accounting.

    Any idea what can be causing the problem? What info does ClearPass use to mark an endpoint as Online?

     

    Thanks



  • 2.  RE: Endpoints show as offline

    Posted Feb 07, 2019 12:50 PM

    Using the API I see that the devices with a wrong status have the following:

     

            "acctstoptime": "1549310728.29079",
            "acctterminatecause": null,

     

    Notice the "dot<number>" for acctstoptime.

    "AcctTerminateCause" is null, because the session didnt terminate.