Security

Reply
Contributor I
Posts: 90
Registered: ‎08-03-2009

COA not working for cisco Wired Guest

COA is not working for Cisco Wired Guest for ClearPass, 
Intial Mac aithentication is success full 
Moves in to the webauth role for guest registration and guest registration is success full. but the COA doesnt work and does not do the second webauth. Coming out with error " error=No values for param=Radius:IETF:Calling-Station-Id" but i can see that value is populated. 
My contact number is : +97433176030 
The Error in the log is below: Also Attaching the exported logs 

2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - Radius_CoA enfProfiles used: Cisco - Terminate Session- 
2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownAutzParams to fetch for RadiusCoAEnfProfiles: : 
2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownNAutzParams to fetch for RadiusCoAEnfProfiles: : Radius:IETF:Calling-Station-Id 
2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id 
2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] ERROR Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery 
2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17475 c=W00000169-01-52c3e890] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device 
2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 h=17479 c=W00000169-01-52c3e890] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr 
2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 h=17478 c=W00000169-01-52c3e890] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr 
2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17466 c=W00000169-01-52c3e890] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_SOAP_WEBAUTH Completed ***

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: COA not working for cisco Wired Guest

In your redirect acl make sure you have the following after the .php

url-redirect=https://cplab.clearpassdemo.com/guest/cisco_guest_3.php?mac=%{Connection:Client-Mac-Address-Colon}
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 90
Registered: ‎08-03-2009

Re: COA not working for cisco Wired Guest

I do have that in place.. But still doesnt work.

 I see the the calling station id it detects in the format of  hyphen based, Does it create any problem.

 

You can see in the attachment.

 

 

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: COA not working for cisco Wired Guest

I've never tried it hyphen based but you can try changing the last part to hyphen}

Also double check the coa is enabled on the switch and passwords are correct.

I've also seen that issue if coa port 3799 is being blocked.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: