Controllerless Networks

Reply
Contributor II

CoA with Instants

We are running latest CPPM code 6.4.1.30651 and Aruba Instant code 6.4.2.0

We are trying to implement CoA to force clients to re-authenticate after a certain

time period.

The problem is we see this working with Aruba controller code but NOT with instant.

Any ideas?

cheers

Pete

 

Re: CoA with Instants

From ClearPass you can set an radius attribute with session-timeout on the enforcement profile

 

2014-10-08 12_17_43-Chrome Remote Desktop.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: CoA with Instants

If you use session-timeout, make sure you have RADIUS accounting enabled.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: CoA with Instants

Valid point by cappalli..

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: CoA with Instants

Thanks for reply.

We have accounting enabled and all works fine, but we have to issue a CoA at specific times

for the solution to work.

My question is does CoA work between Instants and CPPM?

cheers

pete

 

p.s. works great with controller

Guru Elite

Re: CoA with Instants

Yes, CoA should work with Instant. Can you try to manually issue a CoA from access tracker and see if it gives you an error?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: CoA with Instants

already tried that same result.

 

Guru Elite

Re: CoA with Instants

What does it say in ClearPass when you do it?

Successful, administratively prohibited or session context not found?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: CoA with Instants

Tim,

extract from CPPM Access Tracker,

:-

Date and Time Oct 08, 2014 13:10:22 BST
Application Name Policy Manager
RADIUS CoA Action Type Disconnect
RADIUS CoA Action Name [Aruba Terminate Session]
Status Code 0
Status Message Radius [Aruba Terminate Session] failed for client 00224360da63
RADIUS CoA Attributes Calling-Station-Id = 00224360da63

Guru Elite

Re: CoA with Instants

Do you have RFC 3576 enabled in your RADIUS server configuration in Instant?

 

rfc3576-instant.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: