Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Online Status unavailable

  • 1.  Online Status unavailable

    Posted Mar 30, 2020 01:16 AM

    Hi, 

    When I authenticate a client from ClearPass, I see the online status as Unavailable. The switch is a Pica8 switch with accounting start/stop enabled. What should I do to correct this? My ClearPass version is 6.8.




  • 2.  RE: Online Status unavailable

    EMPLOYEE
    Posted Mar 30, 2020 01:40 AM

    Is ClearPass Insight enabled?



  • 3.  RE: Online Status unavailable

    Posted Mar 30, 2020 01:55 AM

    If the switch supports interim RADIUS accounting, can you please enable that?



  • 4.  RE: Online Status unavailable

    Posted Mar 30, 2020 02:04 AM

    Hi danny,

     

    The switch does not support interim update packets yet, but Insight is enabled. Is the online status determined by the interim packet update or just the accounting start/stop?



  • 5.  RE: Online Status unavailable

    Posted Mar 30, 2020 04:52 AM

    Hi, I see exactly the same problem on my network.

    After interim accounting was enabled, the user status changed in Access Tracker.

    I searched the CPPM user guide but did not find that it must be enabled, but I guess it must.



  • 6.  RE: Online Status unavailable

    EMPLOYEE
    Posted Mar 30, 2020 05:21 AM

    In theory, just having the RADIUS Accounting Start should indicate the Online status to ClearPass.

    Likewise, having the RADIUS Accounting Stop should indicate the Offline status.

    Historically, there have been numerous issues with RADIUS Accounting - particularly the RADIUS Accounting Stop.

    Keep in mind that a RADIUS Accounting session is different to a RADIUS session. A RADIUS Accounting session can relate to multiple RADIUS sessions. Hence, a reason that you may not see the Online/Offline status on this RADIUS authentication is that it may not have associated with an existing RADIUS Accounting session (some may view this as a bugette ;-))

    Typically in the AccessTracker event: If you are not seeing the RADIUS Accounting tab it is an indication that ClearPass has not seen the associated RADIUS Accounting Start (or the start was "initially" associated with another RADIUS Authentication).

    I find the AccessTracker event's Summary Online/Offline Status is unreliable - better to look at the RADIUS Accounting tab's Status field.

    The RADIUS Accounting Interim packet is highly desirable. Firstly, the device's IPv4 and IPv6 information is normally proactively sent in the Interim packet (in the Framed_IP_Address and Framed_IPv6_Address attributes respectively) when the NAS learns the device's IPs. This can then be used to inform upstream devices (i.e. RESTful or syslog) or initiate a proactive scan...

    Secondly, it includes the ingress/egress bytes - this can be monitored for volume usage.

    Finally, if this is a long-term session (i.e. longer than 24 hours) and ClearPass does not see an update in 24 hours, it will assume this is a stale session, "close" it and mark it "Offline" (this does not affect the session itself): ClearPass will not be able to issue CoA to this device.
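
The accounting behaviour described in the post above, as an added example that is not part of the original thread and not ClearPass code: a small model that derives a session's status from Start, Interim-Update and Stop records and applies the 24-hour stale rule. The record layout, the `session_status` function and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

STALE_AFTER = timedelta(hours=24)  # stale-session window quoted in the post

# Constructed sample records: (time, Acct-Status-Type, Acct-Session-Id, attributes)
RECORDS = [
    # sess-A: NAS sends Start/Stop only (no interim updates), session still open
    (datetime(2020, 3, 30, 1, 0), "Start", "sess-A", {}),
    # sess-B: NAS sends interim updates carrying the learned IP and byte counters
    (datetime(2020, 3, 30, 1, 0), "Start", "sess-B", {}),
    (datetime(2020, 3, 30, 1, 5), "Interim-Update", "sess-B",
     {"Framed-IP-Address": "192.0.2.10"}),
    (datetime(2020, 3, 31, 0, 30), "Interim-Update", "sess-B",
     {"Acct-Input-Octets": 52000}),
    # sess-C: clean Start followed by Stop
    (datetime(2020, 3, 30, 2, 0), "Start", "sess-C", {}),
    (datetime(2020, 3, 30, 3, 0), "Stop", "sess-C", {}),
]

def session_status(records, session_id, now):
    """Return (status, attributes) for one accounting session as of `now`."""
    status, last_seen, attrs = "Unavailable", None, {}
    for ts, kind, sid, extra in sorted(records, key=lambda r: r[0]):
        if sid != session_id or ts > now:
            continue
        if kind == "Start":
            status = "Online"
        elif kind == "Stop":
            status = "Offline"
        elif status == "Unavailable":
            continue  # interim update with no Start seen: nothing to attach it to
        last_seen = ts
        attrs.update(extra)
    # No Start, Interim-Update or Stop for 24 hours: treat the session as stale
    if status == "Online" and now - last_seen > STALE_AFTER:
        status = "Offline (stale)"
    return status, attrs

if __name__ == "__main__":
    now = datetime(2020, 3, 31, 2, 0)
    for sid in ("sess-A", "sess-B", "sess-C", "sess-D"):
        print(sid, *session_status(RECORDS, sid, now))
```

In this model a switch that sends only Start/Stop keeps a session Online for at most 24 hours, and an authentication with no matching accounting Start (sess-D) stays Unavailable.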

     



  • 7.  RE: Online Status unavailable

    EMPLOYEE
    Posted Mar 30, 2020 06:01 AM

    Check the 6.8.4 release notes; we have a known issue related to online status not showing in Insight, and it is fixed in this code.

     

    https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.4/Default.htm#WhatsNew/Resolved_Insight.htm?Highlight=33844