Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Windows workstation DHCP request after Cisco Terminate Session

  • 1.  Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 09:12 PM

    We have OnGuard set up to do system health checks when first logging on to the network.

    Policy is set, if the system comes back with any status but healthy, to terminate the session after posture check, then allow the 802.1X service to drop to the untrusted VLAN.

    If the system comes back healthy, terminate the session after posture check, then allow the 802.1X service to drop to the trusted VLAN.

    My issue is that when a system changes health status, the session is terminated on the Cisco switch as expected, the 802.1X service is run again and the system is assigned the correct VLAN, but the Windows workstation does not make a DHCP request after the session is terminated, and does not pick up an IP for the VLAN it was assigned.

    A temporary workaround is to run ipconfig /release, /renew after the workstation changes health status, but I need the workstation to automatically send a new DHCP request after the session is terminated.

    Anyone have a similar issue?



  • 2.  RE: Windows workstation DHCP request after Cisco Terminate Session

    MVP GURU
    Posted Apr 01, 2020 09:37 PM

    Have you tested by doing a Cisco terminate, and a Cisco bounce port?

    - Terminate re-initializes the authenticator state.

    - Bounce Port will disable and re-enable the port. This should be enough to have the client request DHCP again.

     

     



  • 3.  RE: Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 09:41 PM

    We are using Cisco terminate session, which does everything exactly as expected, but the Windows workstation does not make a new DHCP request.

     

    Cisco bounce port works too; however, these workstations are daisy-chained to PoE phones and bouncing the port causes the phone to reboot.



  • 4.  RE: Windows workstation DHCP request after Cisco Terminate Session

    MVP GURU
    Posted Apr 01, 2020 09:43 PM

    How about the OnGuard Agent bounce port then?

     

     



  • 5.  RE: Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 09:45 PM

    Would that cause the switch port to bounce?



  • 6.  RE: Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 09:52 PM

    Also, where is the OnGuard Agent bounce port profile?



  • 7.  RE: Windows workstation DHCP request after Cisco Terminate Session

    MVP GURU
    Posted Apr 01, 2020 09:56 PM

    See the screenshots. You can return an OnGuard Agent enforcement profile to bounce the client's network connection with OnGuard installed:

     

    Screen Shot 2020-04-01 at 9.53.55 PM.png

     

    Screen Shot 2020-04-01 at 9.53.59 PM.png



  • 8.  RE: Windows workstation DHCP request after Cisco Terminate Session

    MVP GURU
    Posted Apr 01, 2020 09:56 PM

    This will not bounce the switch port, just the client's NIC.

     

     



  • 9.  RE: Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 09:57 PM

    Those screenshots are so tiny, I can't see them. Do you have a higher resolution?

     

    Thanks!



  • 10.  RE: Windows workstation DHCP request after Cisco Terminate Session
    Best Answer

    MVP GURU
    Posted Apr 01, 2020 09:59 PM

    See attachments instead.

     

     



  • 11.  RE: Windows workstation DHCP request after Cisco Terminate Session

    Posted Apr 01, 2020 10:29 PM

    OK, this looks to work when changing status from healthy to unhealthy and vice versa. The client is now requesting a new DHCP IP upon health change.

     

    Thank you for your help!