Security

Hello everyone,

I'm trying to set up a service for wireless dot1x authentication with posture healt check. The RADIUS service work perfectly, however, concerning the posture service, I want to use CoA requests to change the state (Termination, reauthentication,...).

My question is how can we send session termination from clearpass to Ruckus SmartZone controler with IETF standard Dynamic Authorization attributes? Is there any Ruckus Dynamic Auth RADIUS template, or attributes i can use in clearpass ? 


Thank you

ClearPass uses these templates for  various vendors. which can be found here.
Administration » Dictionaries » RADIUS Dynamic Authorization Templates

I could not find one for Ruckus per say. But you can use IETF templates



------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------

Original Message:
Sent: Feb 07, 2023 03:33 PM
From: ODaf
Subject: ClearPass Ruckus SmartZone Integration

Hello everyone,

I'm trying to set up a service for wireless dot1x authentication with posture healt check. The RADIUS service work perfectly, however, concerning the posture service, I want to use CoA requests to change the state (Termination, reauthentication,...).

My question is how can we send session termination from clearpass to Ruckus SmartZone controler with IETF standard Dynamic Authorization attributes? Is there any Ruckus Dynamic Auth RADIUS template, or attributes i can use in clearpass ?


Thank you

@ariyap, thank you for your response.
I don't know exactly how can I use IETF templates, i noticed that all templates contain some IETF attributes. Here is an example:

IETF termination template is:
​And cisco terminate session template is:

So i don't know how to adapt the IETF termination template to work with Ruckus Controler
Original Message:
Sent: Feb 08, 2023 01:08 AM
From: ariyap
Subject: ClearPass Ruckus SmartZone Integration

ClearPass uses these templates for  various vendors. which can be found here.
Administration » Dictionaries » RADIUS Dynamic Authorization Templates

I could not find one for Ruckus per say. But you can use IETF templates



------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Feb 07, 2023 03:33 PM
From: ODaf
Subject: ClearPass Ruckus SmartZone Integration

Hello everyone,

I'm trying to set up a service for wireless dot1x authentication with posture healt check. The RADIUS service work perfectly, however, concerning the posture service, I want to use CoA requests to change the state (Termination, reauthentication,...).

My question is how can we send session termination from clearpass to Ruckus SmartZone controler with IETF standard Dynamic Authorization attributes? Is there any Ruckus Dynamic Auth RADIUS template, or attributes i can use in clearpass ?


Thank you

first you need to ensure the Ruckus controller is configured correctly for CoA, once that is done.

test it out with a basic dot1x authentication. the auth should be successful, then from the access tracker you should have an option "change status"

in this example the NAD is a Cisco switch, and it will display Cisco specific authz type, but in your case you should see IETF attrib, select that and click on submit. Once that i ssuccessful then you know your CA is working with Ruckus,

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------

Original Message:
Sent: Feb 08, 2023 10:07 AM
From: ODaf
Subject: ClearPass Ruckus SmartZone Integration

@ariyap, thank you for your response.
I don't know exactly how can I use IETF templates, i noticed that all templates contain some IETF attributes. Here is an example:

IETF termination template is:
​And cisco terminate session template is:

So i don't know how to adapt the IETF termination template to work with Ruckus Controler
Original Message:
Sent: Feb 08, 2023 01:08 AM
From: ariyap
Subject: ClearPass Ruckus SmartZone Integration

ClearPass uses these templates for  various vendors. which can be found here.
Administration » Dictionaries » RADIUS Dynamic Authorization Templates

I could not find one for Ruckus per say. But you can use IETF templates



------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Feb 07, 2023 03:33 PM
From: ODaf
Subject: ClearPass Ruckus SmartZone Integration

Hello everyone,

I'm trying to set up a service for wireless dot1x authentication with posture healt check. The RADIUS service work perfectly, however, concerning the posture service, I want to use CoA requests to change the state (Termination, reauthentication,...).

My question is how can we send session termination from clearpass to Ruckus SmartZone controler with IETF standard Dynamic Authorization attributes? Is there any Ruckus Dynamic Auth RADIUS template, or attributes i can use in clearpass ?


Thank you