cheers, yes I have checked and we do have an "ip client-tracker trusted" at the global level.
I wasnt able to apply it at the vlan though.
Original Message:
Sent: Apr 07, 2024 08:05 PM
From: Ariya Parsamanesh
Subject: framed-ip-address sometimes blank
You also need to configure "client track ip" commands at global and VLAN level, (in reference to CX switches)
for AOS-S, i think the corresponding command is "ip client-tracker "
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Apr 07, 2024 06:17 PM
From: cwnz
Subject: framed-ip-address sometimes blank
Good Morning,
We use a transparent web proxy, which relys on Clearpass sending its radius accounting packets through upon a wired or wireless device authenticating using 802.1x.
The accounting packet needs to contain the framed-ip-address.
My understanding is that the switch sends the IP address to clearpass using a DHCP helper on the aruba switch which is configured on each vlan.
This is working.
Occassionally, we get a radius authentication event in Clearpass, where the framed-ip-address is blank. It only happens on wired 802.1x devices, which are connected to the aruba 2930F switch which has aaa port authentication configured. I realise that this is probably a timing this, and that the device doesn't yet have an IP address at the point that the port is authenticated.
My question is, why does the interim accounting packet not send through to clearpass when the device eventually gets its IP address?
my switches 'radius accounting' is configured with:
aaa server-group radius "CPPM" host 192.168.xx.xx
aaa accounting update periodic 1
aaa accounting commands interim-update radius
aaa accounting network start-stop radius server-group "CPPM"
aaa authentication port-access eap-radius server-group "CPPM"