Hi All,
I've just deployed CPPM with Guest with a bunch of IAPs and I'm having no luck getting RADIUS CoA to work. If I go into Guest Manager and click disconnect, I get (almost immediately)
"Error disconnecting session for user bdale. Please check ClearPass Policy Manager -> Access Tracker for more details.
A bit of background:
- All guest authentication is working correctly (as are corporate users), so CP RADIUS<-> IAP VC works
- IAP VC has dynamic-radius-proxy and a static controller IP set
- There are no ACLs/filtering/firewalls between the CPPM and the IAP VC (or other members)
- I can confirm that all requests from the IAPs are displaying the NAS IP of the VC Address
- When I run a packet capture on the IAP VC Master filtered down to port 3799, and manually disconnect a user via Guest Manager, I see nothing in the capture dump
- I also see nothing in Access Tracker on CPPM indicating success or failure.
- IAPs have rfc3576 configured under auth-server
- CPPM has CoA delay set to "2" under Server Configuration / Service Parameters
- In CPPM Guest, the NAS Type is set to Aruba Networks (RFC 3576 Support)
Is there anything I've missed?
Cheers,
Ben