Campus Switching and Routing

Reply
MVP
Posts: 1,011
Registered: ‎04-13-2009

Switch CoA Session-Context-Not-Found

I'm doing dot1x authentication and mac auth on a switch port and also trying to set users VLAN by using the RADIUS CoA. I'm getting the following message in the access tracker on clearpass and it's not setting the VLAN.

 

Application NamePolicy Manager
RADIUS CoA Action TypeCoA
RADIUS CoA Action NameChange to VLAN 251
Status Code0
Status MessageSession-Context-Not-Found
RADIUS CoA AttributesAruba-Vlan = 151
Calling-Station-Id = E8E0B7AC886B

 

Any tips?

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Switch CoA Session-Context-Not-Found

[ Edited ]

Check to make sure that the AAA profile for those ports has CPPM defined as the RFC 3576 server (with the same key as the Network Device definition).   Also, make sure Enable RADIUS CoA is enabled on the Network Device configuration for your switch.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Guru Elite
Posts: 8,793
Registered: ‎09-08-2010

Re: Switch CoA Session-Context-Not-Found

[ Edited ]

Make sure you have CoA (rfc-3576-server) enabled in the AAA profile with the IP address(es) of your ClearPass server.

 

rfc-3576-server.png

 

You can run the command show aaa rfc-3576-server statistics which will show the different types of CoA requests received/processed by the switch.

 

rfc-3576-stats.png

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,011
Registered: ‎04-13-2009

Re: Switch CoA Session-Context-Not-Found

Thanks guys. Will check this in the lab tomorrow.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Switch CoA Session-Context-Not-Found

Another thing to note is the controller-IP or the NAS IP set in the AAA advanced tab under Authentication in the controller.  Make sure that whatever the NAS IP is...that is matches on both ends for the CoA to work.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,011
Registered: ‎04-13-2009

Re: Switch CoA Session-Context-Not-Found

I've added the RFC 3576 server to the aaa profile I'm using on the port.


Here's what the stats show :

 

 

rfc3576stats.JPG

 

It's working for 802.1x auth clients but not for the MAC auth clients.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,011
Registered: ‎04-13-2009

Re: Switch CoA Session-Context-Not-Found

I just recreated my enforcement profile and it's working now. 

Not 100% sure why though which is worrying. :smileyfrustrated:

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
Showing results for 
Search instead for 
Did you mean: