cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2937
Views
1
Helpful
11
Replies

HP Procurve 2920 NAD Profile

Jeffrey Jones
Level 5
Level 5

So they cisco ISE 2.1 is missing a great deal of the CoA Attributes for the HP switch, namely port shutdown, and port bounce. Does anyone have the strings that need to be in there for HP.. or a proper HP NAD Profile they can share.

Thanks

1 Accepted Solution

Accepted Solutions

Not all Cisco-specific CoA directives have comparable options in 3rd-party devices and vice versa.  Beyond RFC-based PoD and CoA Request (Push), other implementations would be vendor specific.  Most vendors do not have a reauth option but opt instead to use CoA Push.  Port Bounce is often implemented as a vendor-specific attribute. 

For more specifics on CoA options supported by newer HP code, see Coa and HP 5130 or 5500 series switches - Airheads Community

In general, CoA reauth is not required as ISE has the ability to "stitch" together a terminated session with a successive attempt after terminate/disconnect.

Hope that helps.

Craig

View solution in original post

11 Replies 11

howon
Cisco Employee
Cisco Employee

Jeffrey, I have created two new NAD profiles you can try for port bounce and terminate. I am not aware of other CoA HPE switches support. See:

HPE-Wired.xml

Thanks I tried to import in to ISE and it gave an error.

I've added additional instructions in the above doc. Please retry.

Followed instructions, same error as before.

I had misspelled the dictionary attribute name in the instructions. Was missing an 'n' in the word 'Bounce'. Try correcting the name:

- Attribute Name: HP-Port-Bounce-Host

Yes, i saw the change, made the change and it imported great. So there really isnt a port shutdown command that can be set via CoA to HP switches? 

what about Re-authenticate commands?  basic, rerun and last... and move vlan, basically move them to vlan 300 which is my remediation vlan.

Yes, i saw the change, made the change and it imported great. So there really isnt a port shutdown command that can be set via CoA to HP switches?

what about Re-authenticate commands?  basic, rerun and last... and move vlan, basically move them to vlan 300 which is my remediation vlan.

can we get it on in one HPE-COAFH profile

I have not found any document stating what is supported on their platforms. If you know of such document I can reference it to add more CoA. Or if you know the attributes, that will work as well. Thanks.

Not all Cisco-specific CoA directives have comparable options in 3rd-party devices and vice versa.  Beyond RFC-based PoD and CoA Request (Push), other implementations would be vendor specific.  Most vendors do not have a reauth option but opt instead to use CoA Push.  Port Bounce is often implemented as a vendor-specific attribute. 

For more specifics on CoA options supported by newer HP code, see Coa and HP 5130 or 5500 series switches - Airheads Community

In general, CoA reauth is not required as ISE has the ability to "stitch" together a terminated session with a successive attempt after terminate/disconnect.

Hope that helps.

Craig

Can we get them in to one profile that would help some.

The 'Terminate' didn't match exactly to two of the options for disconnect that ISE provides so I made it into two separate profiles. If you want you can combine the two by gleaning the profile information and adding it to one of the CoA actions.