Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

RFC 3576 with Cisco ISE

  • 1.  RFC 3576 with Cisco ISE

    Posted Apr 25, 2013 03:55 PM

    We're in the process of testing a Cisco ISE appliance, and one feature I'm trying to get to work is RFC 3576, AKA CoA.  It seems, however, that Cisco has decided to use UDP port 1700 instead of the RFC standard of 3799.  Also, it doesn't seem to be possible to change this on the Cisco side, and they have indicated that it would have to be added as a feature request.

     

    What I'm wondering is if Aruba might consider adding the port number to the ArubaOS configuration so we can specify which port to listen on for CoA packets?

     

    https://supportforums.cisco.com/message/3840723



  • 2.  RE: RFC 3576 with Cisco ISE

    Posted Apr 26, 2013 12:26 PM

    You can configure the port in ClearPass for CoA when you set up the NAS device. FYI.



  • 3.  RE: RFC 3576 with Cisco ISE

    Posted Nov 19, 2014 02:49 PM

    But is it possible to change the port on the Aruba controller to 1700?

     

    Thanks,

    Shawn



  • 4.  RE: RFC 3576 with Cisco ISE

    EMPLOYEE
    Posted Nov 19, 2014 04:12 PM

    No. Aruba followed the standard.



  • 5.  RE: RFC 3576 with Cisco ISE

    Posted Mar 16, 2015 12:31 PM

    Did you try this?

     

    (Aruba650) #configure terminal

    Enter Configuration commands, one per line. End with CNTL/Z

    (Aruba650) (config) #firewall cp

    (Aruba650) (config-fw-cp) #permit proto 17 ports 1700 1700

    (Aruba650) (config-fw-cp) #exit

    (Aruba650) (config) #ip radius rfc-3576-server udp-port 1700

    (Aruba650) (config) #end

     

    I saw this here http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-85-Integrating_Aruba_Networks.pdf
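
An added example, not part of any post in this thread and not Aruba or Cisco code: whichever UDP port carries CoA (3799 or 1700), the RFC 3576 datagram format is the same, so a receiver can verify the Request Authenticator before acting on anything that arrives on the opened port. The shared secret, User-Name value and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 3576 request codes; the wire format does not depend on the UDP port.
CODES = {40: "Disconnect-Request", 43: "CoA-Request"}

SECRET = b"constructed-shared-secret"        # constructed sample value
NAME = b"alice"                              # constructed sample value
SAMPLE_ATTRS = bytes([1, 2 + len(NAME)]) + NAME  # User-Name attribute (type 1)


def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Build a request the way the CoA client (the policy server) would."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + request_authenticator(code, ident, attrs, secret) + attrs


def validate_request(datagram, secret):
    """Return (ok, detail) for a datagram received on the CoA port."""
    if len(datagram) < 20:
        return False, "shorter than RADIUS header"
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if code not in CODES:
        return False, "unexpected code %d" % code
    if length < 20 or length > len(datagram):
        return False, "bad length field"
    attrs = datagram[20:length]  # octets past Length are padding, ignored
    expected = request_authenticator(code, ident, attrs, secret)
    # Constant-time comparison of the 16-byte authenticator field.
    if not hmac.compare_digest(expected, datagram[4:20]):
        return False, "authenticator mismatch"
    return True, CODES[code]


if __name__ == "__main__":
    good = build_request(43, 7, SAMPLE_ATTRS, SECRET)
    print(validate_request(good, SECRET))
    print(validate_request(good, b"wrong-secret"))
```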