Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onguard Agent Status Does Not Change Clients VLAN/Role

This thread has been viewed 0 times

  • 1.  Onguard Agent Status Does Not Change Clients VLAN/Role

    Posted Jan 20, 2020 03:12 AM

    Hi,

     

    Triying to figure my issue in clearpass wired setup particular the onguard/webauth services. how do i change my vlan from endpoints level to be aligned from the status of my onguard (persistent) health status. 

     

    As i observe i have an quarantine VLAN if my status is unhealthy however if i re-run the onguard agent and got the healthy status my vlan and ip address still in quarantine vlan. 

     

    Thanks

     

     



  • 2.  RE: Onguard Agent Status Does Not Change Clients VLAN/Role

    EMPLOYEE
    Posted Jan 20, 2020 04:38 AM

    Hi,

     

    Do you have a CoA in your WebAuth for "HEALTHY(0)" or Not equals to HEALTHY(0)?

     

    In both the cases you need to disconnect the client from layer 3 network using Change of Authorization(CoA) to force him to re-authenticate.

     

    onguard.JPG

     

     

    Vikram Sonawane | ACCP | @vicky24081990



  • 3.  RE: Onguard Agent Status Does Not Change Clients VLAN/Role

    Posted Jan 22, 2020 10:11 PM

    Thanks for the feedback, i just radius coa terminate switching session. Is that is what you are referring else, may i request how to enable COA for the 6.8 CPPM version. 

     

    Thanks in Advance!



  • 4.  RE: Onguard Agent Status Does Not Change Clients VLAN/Role

    EMPLOYEE
    Posted Jan 23, 2020 02:56 AM
      |   view attached
    Yes , Correct force client to reconnect using the CoA so the client can send the new request with updated health status

    You can enable th radius CoA under Network Devices by editing the NAD device.