Security

Reply
Highlighted
Contributor I

Online Status unavailable

Hi, 

When authenticate a client from Clearpass, I see the online status as Unavailabe. The switch is a Pica8 switch with accounting start/stop enabled. What should I do to correct this. My clearpass version is 6.8.

networkers2211_0-1585545100746.png

networkers2211_1-1585545270070.png

 

 

Highlighted
Aruba Employee

Re: Online Status unavailable

Is ClearPass Insight enabled?

Highlighted
Moderator

Re: Online Status unavailable

If the switch supports interim radius accounting, can you please enable that.


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Highlighted
Contributor I

Re: Online Status unavailable

Hi danny,

 

The switch does not support interim update packets yet but the insight is enabled. Is the online status determined by the interim packet update or just the accounting start/stop.

Highlighted
Occasional Contributor II

Re: Online Status unavailable

hi i see the exactly same problem on my network

 

after interim accounting enabled  user status changed on access tracker

 

i search cppm user guide but not found that it must be enabled but i guess it must

 

Highlighted
Aruba Employee

Re: Online Status unavailable

In theory just having the RADIUS Accounting Start should indicate to the ClearPass Online status.

Likewise, having the RADIUS Accounting Stop should indicate the Offline status.

Historically, there have been numerous issues with RADIUS Accounting - particularly the RADIUS Accounting Stop.

Keep in mind that a RADIUS Accounting session is different to a RADIUS session. A RADIUS Accounting session can relate to multiple RADIUS sessions. Hence, a reason that you may not see the Online/Offline status on this RADIUS authentication is that it may not have associated with an existing RADIUS Accounting session (some may view this as a bugette ;-))

Typically in the AccessTracker event: If you are not seeing the RADIUS Accounting tab it is an indication that ClearPass has not seen the associated RADIUS Accounting Start (or the start was "initially" associated with another RADIUS Authentication).

I find the AccessTracker event's Summary Online/Offline Status is unreliable - better to look at the RADIUS Accounting tab's Status field.

The RADIUS Accounting Interim packet is highly desirable. Firstly the device's IPv4 and IPv6 information is normally proactively sent in the Interim packet (in the Framed_IP_Address and Framed_IPv6_Address attribute respectively) when the NAS learns the device's IPs. This can then be used to inform upstream devices(ie RESTful or syslog) or initiate a proactive scan...

Secondly, it include the ingress/egress bytes - this can monitored for volume usage.

Finally, if this is a long term session (ie longer than 24 hours) and ClearPass does not see an update in 24 hours it will assume this is a stale session and "close" and mark it "Offline" (this does not affect the session itself): ClearPass will not be able to issue CoA to this device.

 

Highlighted
MVP Expert

Re: Online Status unavailable

Check 6.8.4 release note, we have known issue related to online status not showing in insight and fixed in this code.

 

https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.4/Default.htm#WhatsNew/Resolved_Insight.htm?Highlight=33844

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: