Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Sending H3C terminate session disconnect wired telephone

This thread has been viewed 1 times

  • 1.  Sending H3C terminate session disconnect wired telephone

    Posted Mar 20, 2019 11:25 AM

    Hi

     

    I have scenario where I have Avaya phones with laptops in daisy chain

    All together they are authenticating via ClearPass: ip phone via MAC-auth, laptop via 802.1x. 

    because I'm deploying OnGuard i send terminate session after health web-based policy, defualt [H3C Terminate session]

     

    After sending this telephones are disconnecting from switche port

     

    After some investigation I have found in log for that session that ther'is error in ClearPass to find propoer attributes to send in [H3C Terminate Session]

     

    In logs I have found:

    WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:User-Name}, error=No values for param=Radius:IETF:User-Name

    WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:User-Name value = %{Radius:IETF:User-Name}. Searching attributes from battery

    WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id

    WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery

     

    I suspect that this session ternation doesn;t work as expected and terminate all sessions on port, so my phone dosconnect

     

    The switch is Comware HPE 5130 HI

     

    Someone have similar problem ?

     

    regards 

     

    Karol

     

     

     



  • 2.  RE: Sending H3C terminate session disconnect wired telephone

    EMPLOYEE
    Posted Mar 20, 2019 11:27 AM
    That means there is no active RADIUS session for the device.


  • 3.  RE: Sending H3C terminate session disconnect wired telephone

    Posted Mar 20, 2019 11:31 AM

    Hi

     

    So what You could recommend to work termination only for laptop ?

     

    Karol



  • 4.  RE: Sending H3C terminate session disconnect wired telephone

    EMPLOYEE
    Posted Mar 20, 2019 11:55 AM
    No, you need to see why there is no RADIUS session for the device you’re trying to disconnect.


  • 5.  RE: Sending H3C terminate session disconnect wired telephone

    Posted Mar 26, 2019 11:46 AM
      |   view attached

    Hi 

     

    I had made packet capture from ClearPass and Radius debug from the comware switch and I found that CPPM send valid use-rname and MAC-address (Calling-Station-Id) to terminate session to switch port.

    But still don't know why IP telephone disconnect, 

    I enclose I packet capture dump

    I have logged case in HPE support for the switch 

     

    regards 

     

    Karol



  • 6.  RE: Sending H3C terminate session disconnect wired telephone

    Posted Mar 26, 2019 05:30 PM

    Alternatively you could use the bounce client option in the agent enformcent to perform a bounce from the client.



  • 7.  RE: Sending H3C terminate session disconnect wired telephone

    Posted Mar 26, 2019 06:02 PM

    Hi Fabian

     

    I have already reconfigured it to agent bounce port, but I thought about it rather as temporary solution, but maybe It will be the only solution for me 

     

    regards

     

    Karol