Security

Reply
Frequent Contributor II

Issue with RFC3576 disconnect

I have defined the rfc3576 server in the controller.  I have made double sure that the keys match the radius keys on clearpass guest and on the controller.  When I send a disconnect from the cp guest I get this message from cp guest

 

"Disconnect failed – Administratively Prohibited"
 
On the controller I get the following:
 
Jun 21 13:13:57  authmgr[1540]: <520001> <DBUG> |authmgr|  [rc_rfc3576.c:238] IP:0.0.0.0, Name:63954915 sessid=63954915001BB1A74547-02, reqcode=40, rspcode=42, nack=1, error_cause=administratively prohibited
 
It bothers me that the IP is 0.0.0.0.  Is this normal?  I was expecting this to be the radius server (cp guest) and used to match the corresponding key defined in my config.  If this is indeed the case then this explains the error message.  Not sure where to define that on cp guest (amigopod)
Guru Elite

Re: Issue with RFC3576 disconnect

Did you associate the RFC3576 server with the AAA profile of the WLAN that needs to do disconnects on the Aruba controller?  It is not enough to define it.  You need to Assign the RFC3576 server to the CPguest AAA profile on the controller.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Issue with RFC3576 disconnect

cj I yield once more to you superior knowledge :smileywink:

 

You were completely correct, and now it works perfectly.

 

Cheers!

Guru Elite

Re: Issue with RFC3576 disconnect


soapdish wrote:

cj I yield once more to you superior knowledge :smileywink:

 

You were completely correct, and now it works perfectly.

 

Cheers!


Soapdish,

 

I am just more lucky than you in some situations ;)

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Issue with RFC3576 disconnect

Would that be the RADIUS Accounting Server group where you would associate the RFC3576 server with the AAA profile?

Moderator

Re: Issue with RFC3576 disconnect

It is below the reset of the settings for our aaa profile - see screenshot below

 

rfc3576.jpg.jpg

Contributor II

Re: Issue with RFC3576 disconnect

Awesome.. Helped me a lot!!

 

Thanks,

Bharani..

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: