Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onguard agent Question

This thread has been viewed 7 times

  • 1.  Onguard agent Question

    Posted Sep 17, 2018 06:40 AM

    Hello,

    We are using onguard - 6.6.9.  Sometimes we get a client that has passed the checks and is healthy.  The clearpass server lists the response as healthy and the agent agrees.

     

    However the client stays on the quarantined vlan.  I fixed this on my personal laptop by uninstalling the clearpass onguard and reinstalling it.

     

    I read the troubleshooting guide, but nothing specific for this.

     

    Any ideas?



  • 2.  RE: Onguard agent Question

    Posted Sep 17, 2018 09:11 AM
    Is this wireless or wired ? Are you sending a CoA? When it is healthy how are you assigning /returning the VLAN?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: Onguard agent Question

    Posted Sep 17, 2018 09:31 AM

    hey

     

    it is a wireless and wired.  But we use 99% wireless, so havent heard of issues with wired.

     

    Unhealthy clients start at vlan2, a vlan on the controller

     

    When healthy it does a terminate session and an agent bounce (bounce client: true, macs seemed to only respond to an agent bounce)  and uses the allow access enforcement profile. RADIUS Accept.  This is the default vlan of the HP wifi controller wireless service.

     

    Works most of the time.



  • 4.  RE: Onguard agent Question

    Posted Sep 18, 2018 09:20 AM

    I recommend you use one or the other , meaning dont use terminate session and bounce client at the same time