  • 1.  Clearpass Onboard Delete Device

    Posted Feb 28, 2022 12:55 PM
    Hi All,

    I have a problem with ClearPass Onboard.

    So, after upgrading to ClearPass 6.7.X from 6.6.X, there was an issue where I had already deleted the device in the Onboard menu, then disabled and re-enabled the wireless connection on the device, but the device can still connect to the onboard network.

    In ClearPass 6.6.x, when I delete the device, the device will no longer connect to the onboard network.

    Is there any solution for this?




    ------------------------------
    achmad arifin
    ------------------------------


  • 2.  RE: Clearpass Onboard Delete Device

    Posted Feb 28, 2022 07:43 PM
    With EAP-TLS, unless you are doing authorization, the auth part just checks whether the cert is trusted or not. You could enable OCSP checks against the Onboard CA or perform some authorization checks to deny access when the cert is deleted.



    ------------------------------
    Mathew George
    ------------------------------
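
What the reply above describes, reproduced offline as an added example (not part of the original thread and not ClearPass code): a throwaway CA issues and then revokes a device certificate, which still passes a trust-only chain check and fails only once revocation status is consulted. A CRL stands in for OCSP so the demo needs no responder; the function name, file names and subjects are all constructed.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and device certificate in a temp directory.
# Nothing here talks to ClearPass; all names are made up for the example.
revocation_demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  mkdir newcerts && : > index.txt && echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  ca="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
  {
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo Onboard CA" -keyout ca.key -out ca.pem &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=demo-device" -keyout dev.key -out dev.csr &&
    $ca -in dev.csr -out dev.pem &&   # issue the device certificate
    $ca -revoke dev.pem &&            # "delete the device": revoke it at the CA
    $ca -gencrl -out ca.crl           # publish the revocation (CRL stands in for OCSP)
  } >/dev/null 2>&1 || { rm -rf "$d"; echo setup-failed; exit 2; }

  # Check 1: chain trust only. The revoked certificate still verifies.
  if openssl verify -CAfile ca.pem dev.pem >/dev/null 2>&1
  then trust=accepted; else trust=rejected; fi
  # Check 2: chain trust plus revocation status. The same certificate fails.
  if openssl verify -CAfile ca.pem -CRLfile ca.crl -crl_check dev.pem >/dev/null 2>&1
  then revoked=accepted; else revoked=rejected; fi

  cd / && rm -rf "$d"
  echo "trust-only:$trust revocation-checked:$revoked"
)
```

Call `revocation_demo` after sourcing the file; it prints one line with the verdict of each check.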



  • 3.  RE: Clearpass Onboard Delete Device

    Posted Feb 28, 2022 07:55 PM
    Hi Matt,

    But in ClearPass version 6.6.7 I use EAP-TLS as the authentication method, and after I deleted the device, the device will no longer connect to the onboard network.

    Here's the authorization source in my service.

    Is there any difference between ClearPass version 6.6.x and 6.7.x?

    ------------------------------
    achmad arifin
    ------------------------------



  • 4.  RE: Clearpass Onboard Delete Device

    Posted Mar 01, 2022 04:45 AM
    Please upgrade to 6.9 or 6.10. ClearPass 6.7 is end-of-support; 6.8 will be end-of-support in 3 weeks from now.

    I would not expect differences in 6.6 vs 6.7; OCSP (block deleted/revoked certificate) and Authorization (check that the requesting account is still valid) are the key parameters to this question. Please let us know if you still see the same after upgrading, and please check in the Onboard CA what the status is of the certificate that you deleted. It may not actually be deleted/revoked when you deleted the device or certificate. As a revoked or deleted certificate is expected to be rejected with the settings that you posted, it may be best to open a support case once you are on a supported ClearPass version.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Clearpass Onboard Delete Device

    Posted Mar 01, 2022 05:22 AM
    Hi Herman,

    I already tried using EAP-TLS with OCSP enabled as the authentication method, and now deleted devices can no longer connect to the onboard network.
    Here I attached the logs when using EAP-TLS and EAP-TLS with OCSP enabled.
    [Attached screenshots: Delete Device; EAP-TLS; EAP-TLS with OCSP enable; Log Access Tracker]


    ------------------------------
    achmad arifin
    ------------------------------