Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 45
Registered: ‎09-01-2012

iap-93 rfc-3576

hy all,

 

i was wondering how the ipa-93 compliance of rfc-3576 works ?

 

i'm currently using packetfence and it tries to access my iap-93 on port UDP/3799.

 

any clues ?

 

Regards,

 

Xinity

Guru Elite
Posts: 20,585
Registered: ‎03-29-2007

Re: iap-93 rfc-3576

Xinity,

 

Do you have your packetfence setup as a radius server with RFC3576 enabled on your IAP virtual controller?

 

3576.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 45
Registered: ‎09-01-2012

Re: iap-93 rfc-3576

[ Edited ]

hy,

 

packetfence has a configuration template for all Aruba devices, which is what i have used.

i don't remember setting anything about NAS-Identifier in packetfence (which uses freeradius) .

 

i my case:

- NAS IP address -->  IP of my VC (@range.7) my access point is using @range.8

- NAS Identifier --> [blank]

 

 i forgot to mention that i my Access point, i've enabled RFC-3576

 

Thanks for your help,

 

Regards,

 

Xinity

 

 

Guru Elite
Posts: 20,585
Registered: ‎03-29-2007

Re: iap-93 rfc-3576

Xinity,

 

Theoretically that should work, but I do not know if Packetfence specifically was tested...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 45
Registered: ‎09-01-2012

Re: iap-93 rfc-3576

thanks anyway,

 

i'll dig in to see how to make this work :)

 

Regards,

 

Xinity

Occasional Contributor II
Posts: 45
Registered: ‎09-01-2012

Re: iap-93 rfc-3576

Can you explain how the iap-93 should handle CoA request ?

it is using a specific network port (tcp/udp ?)

 

i've read about the RFC3576.

the RFC is related to

 

I°) Dynamic Authorization Extensions to Radius:

"The NAS responds to a Disconnect-Request packet sent by a RADIUS server with a Disconnect-ACK if all associated session context is discarded and the user session is no longer connected, or a Disconnect-NAK, if the NAS was unable to disconnect the session and discard all associated session context"

 

II°) Change-of-Authorization-Messages (CoA):

"The NAS responds to a CoA-Request sent by a RADIUS server with a CoA-ACK if the NAS is able to successfully change the authorizations for the user session, or a CoA-NAK if the Request is unsuccessful."

 

which is available on an IAP-93 arubaOS 6.1.3.1-3.0.0.2_34479 ?

how to use this/these feature(s) ?

 

Thanks for your precious help,

 

Regards,

 

Xinity

Regular Contributor I
Posts: 232
Registered: ‎01-19-2013

Re: iap-93 rfc-3576

Hello,

 

did you get Packetfence work with your IAP?

 

I tried it to with an Aruba IAP 135 but I didn´t get it work, yet.

 

 

Occasional Contributor II
Posts: 45
Registered: ‎09-01-2012

Re: iap-93 rfc-3576

Hy,

 

I did make my IAP-93 work with packetfence, except for the CoA, i'm still fighting :(

do you need any help ?

Regular Contributor I
Posts: 232
Registered: ‎01-19-2013

Re: iap-93 rfc-3576

yes I need help.

What have you configure on the IAP and what did you configure at the packetfence site?

 

I tried it but it won´t work.

 

 

 

Regular Contributor I
Posts: 232
Registered: ‎01-19-2013

Re: iap-93 rfc-3576

Ok I tried it so mutch but it didn´t work.

 

I configure it like in this link:
http://www.packetfence.org/bugs//bug_view_advanced_page.php?bug_id=1618

 

but it won´t work.

 

The Packetfence Server didn´t answer:

Capture.JPG

 

I don´t unsterstand the port is rigt the shared secret is right (I use the default testing123):smileysad:

 

I hope you can help me to get this work.

Search Airheads
Showing results for 
Search instead for 
Did you mean: