Frequent Contributor I

Sending H3C terminate session disconnect wired telephone

Hi

 

I have a scenario where I have Avaya phones with laptops in a daisy chain.

Together they authenticate via ClearPass: the IP phone via MAC-auth, the laptop via 802.1X.

Because I'm deploying OnGuard, I send a terminate session after the health web-based policy, the default [H3C Terminate Session].

 

After sending this, the telephones disconnect from the switch port.

 

After some investigation I found in the log for that session that there is an error in ClearPass finding the proper attributes to send in [H3C Terminate Session].

 

In logs I have found:

WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:User-Name}, error=No values for param=Radius:IETF:User-Name

WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:User-Name value = %{Radius:IETF:User-Name}. Searching attributes from battery

WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id

WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery

 

I suspect that this session termination doesn't work as expected and terminates all sessions on the port, so my phone disconnects.

 

The switch is a Comware HPE 5130 HI.

 

Does anyone have a similar problem?

 

regards 

 

Karol
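An added example, not part of the original post and not ClearPass tooling: a short Python script that scans log lines in the format quoted above and reports which `%{...}` parameters of the CoA enforcement profile could not be resolved. The function names and stage labels are hypothetical; the four WARN lines are copied from the post and the INFO line is constructed.

```python
import re
from collections import defaultdict

# First four lines are copied from the post; the INFO line is constructed.
SAMPLE_LOG = """\
WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:User-Name}, error=No values for param=Radius:IETF:User-Name
WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:User-Name value = %{Radius:IETF:User-Name}. Searching attributes from battery
WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id
WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery
INFO Constructed.Example - unrelated line that must be ignored
"""

# RFC 5176 lists these among the session identification attributes of a
# Disconnect-Request; checking only these two is this example's choice.
SESSION_ID_ATTRS = {"Radius:IETF:User-Name", "Radius:IETF:Calling-Station-Id"}

SUBST_FAIL = re.compile(r"Failed to replace parameString\s*=\s*%\{([^}]+)\}")
COA_FAIL = re.compile(
    r"PETaskRadiusCoAEnfProfileBuilder.*Failed to find finalValue for "
    r"name=\s*(\S+)\s+value\s*=\s*%\{([^}]+)\}"
)

def unresolved_coa_params(log_text):
    """Map each unresolved %{...} parameter to the stages that reported it."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("WARN"):
            continue
        m = SUBST_FAIL.search(line)
        if m:
            stages[m.group(1)].add("substitution")
        m = COA_FAIL.search(line)
        if m:
            stages[m.group(2)].add("coa-profile-builder")
    return dict(stages)

def unresolved_session_ids(log_text):
    """Unresolved parameters that identify the session to disconnect."""
    return sorted(SESSION_ID_ATTRS & unresolved_coa_params(log_text).keys())

if __name__ == "__main__":
    for attr, stages in sorted(unresolved_coa_params(SAMPLE_LOG).items()):
        print(f"{attr}: unresolved at {', '.join(sorted(stages))}")
```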

 

 

 

Guru Elite

Re: Sending H3C terminate session disconnect wired telephone

That means there is no active RADIUS session for the device.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Sending H3C terminate session disconnect wired telephone

Hi

 

So what would you recommend to make termination work only for the laptop?

 

Karol

Guru Elite

Re: Sending H3C terminate session disconnect wired telephone

No, you need to see why there is no RADIUS session for the device you’re trying to disconnect.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Frequent Contributor I

Re: Sending H3C terminate session disconnect wired telephone

Hi 

 

I made a packet capture from ClearPass and a RADIUS debug from the Comware switch, and I found that CPPM sends a valid username and MAC address (Calling-Station-Id) to the switch port to terminate the session.

But I still don't know why the IP telephone disconnects.

I enclose a packet capture dump.

I have logged a case with HPE support for the switch.

 

regards 

 

Karol

Regular Contributor I

Re: Sending H3C terminate session disconnect wired telephone

Alternatively, you could use the bounce client option in the agent enforcement to perform a bounce from the client.



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -
Frequent Contributor I

Re: Sending H3C terminate session disconnect wired telephone

Hi Fabian

 

I have already reconfigured it to agent bounce port, but I thought of it rather as a temporary solution; maybe it will be the only solution for me.

 

regards

 

Karol
