Controller Based WLANs

How to change the port for Change of Authorization (CoA) that is received on for Aruba Controller?

Aruba Employee
Requirement:

This Article helps in providing the steps to  change the UDP port of RADIUS Authorization (CoA) that is received on for Aruba Controller from the server

 

 


 



Solution:

Step 1: 

Permit the UDP port number under Control Processor(CP) white list

Whitelist ACLs consist of rules that explicitly permit or deny session traffic from being forwarded or not to the controller. This prohibits traffic from being automatically forwarded to the controller if it was not specifically denied in a blacklist.

Step 2:

Map the above specified UDP port to rfc-3576-server

 



Configuration:

Step 1:

Syntax:

(Aruba-Master) (config) #firewall cp
(Aruba-Master) (config-fw-cp) #ipv4 permit any proto <Protocol#> ports <Start Port#> <End Port#>

Example:

(Aruba-Master) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba-Master) (config) #firewall cp
(Aruba-Master) (config-fw-cp) #ipv4 permit any proto 17 ports 1700 1700

 

Step 2:

Syntax: (Aruba-Master) (config) #ip radius rfc-3576-server udp-port <port number permitted under firewall CP>

Example:

(Aruba-Master) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba-Master) (config) #ip radius rfc-3576-server udp-port 1700



Verification

To Verify the ports allowed under Firewall CP

(Aruba-Master)#show firewall-cp

CP firewall policies
--------------------
IP Version  Source IP  Source Mask  Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------  --------  ----------  --------  --------------  ----  --------
ipv4        any                                                     17        1900        1900      Permit          0
ipv4        any                                                     17        5999        5999      Permit          0
ipv4        any                                                     17        1700        1700      Permit          0
 

To Verify the rfc-3576-server port mapping:

(Aruba-Master7240) #show running-config | begin rfc-3576-server
Building Configuration...
ip radius rfc-3576-server udp-port 1700
 

 

Version history
Revision #:
2 of 2
Last update:
‎03-21-2017 01:06 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.