ClearPass 6.12.6
APs 10.7.2.1
Having an issue with the regularity of the OnGuard health check interval and successful returning of roles from ClearPass to Aruba Central over wireless.
The health check appears to occur every 3mins consistently, which in itself works fine. ClearPass returns an Aruba-User-Role to the wireless e.g. OnGuard-Healthy, Quarantine etc. Which also works, I can see the role being correctly returned by ClearPass in the access tracker.
However, Aruba Central does not appear to pick up the role fast enough, before the agent bounces again (3mins) and leaves the client without a role assigned. If I alter the OnGuard agent settings to OnGuard Health Check Interval (in hours) = 1 then Aruba Central picks up the role correctly. But this interval is too long if a client was in the Quarantined role, for example. You also cannot use the 'Retry' button on the agent to trigger a manual health check either, as this does not generate an entry in the access tracker. The role only seems to update in Central after around 5-6mins, but 3mins is too soon.
The roles are quite essential to the functionality - as I need to be able to apply ACLs/VLANs/redirects for quarantined devices using roles.
I cannot see anywhere a 3min/ 180sec interval is set in the agent or in cluster wide parameters.
I've seen suggestions of adding an agent-session limit enforcement to the health check service, which I have done, but does not take effect. The agent will still run a health check within 3mins.
This is not an issue with wired devices as the role appears within the port-access client list on my CX switch almost immediately.
-------------------------------------------