Contributor II
Posts: 55
Registered: ‎03-03-2011

RFC 3576 with Cisco ISE

We're in the process of testing a Cisco ISE appliance and one feature I'm trying to get to work is RFC 3576, AKA CoA. It seems, however, that Cisco has decided to use UDP port 1700 instead of the RFC standard of 3799. Also, it doesn't seem to be possible to change this on the Cisco side and they have indicated that it would have to be added as a feature request.

What I'm wondering is if Aruba might consider adding in the port number in the ArubaOS configuration so we can specify which port to listen on for CoA packets?

https://supportforums.cisco.com/message/3840723

MVP
Posts: 500
Registered: ‎04-03-2007

Re: RFC 3576 with Cisco ISE

You can configure the port in ClearPass for CoA when you set up the NAS device. FYI.

==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
New Contributor
Posts: 1
Registered: ‎11-19-2014

Re: RFC 3576 with Cisco ISE

But is it possible to change the port on the Aruba controller to 1700?

Thanks,

Shawn

Guru Elite
Posts: 8,451
Registered: ‎09-08-2010

Re: RFC 3576 with Cisco ISE

No. Aruba followed the standard.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: RFC 3576 with Cisco ISE

Did you try this?

(Aruba650) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba650) (config) #firewall cp
(Aruba650) (config-fw-cp) #permit proto 17 ports 1700 1700
(Aruba650) (config-fw-cp) #exit
(Aruba650) (config) #ip radius rfc-3576-server udp-port 1700
(Aruba650) (config) #end

I saw this here http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-85-Integrating_Aruba_Networks.pdf
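To check the port question raised in this thread on a captured CoA datagram, the sketch below is an added example (not from any poster, Aruba or Cisco). It parses an RFC 3576 request, reports whether the destination port matches the listening port, and verifies the Request Authenticator; the function names, secret and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Request codes defined by RFC 3576
REQUEST_CODES = {40: "Disconnect-Request", 43: "CoA-Request"}

def request_authenticator(code, ident, attrs, secret):
    # RFC 3576: MD5 over Code + Identifier + Length + 16 zero octets
    # + request attributes + shared secret.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_request(code, ident, attrs, secret):
    # Hypothetical helper, only used to construct the sample packet below.
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def diagnose(payload, dst_port, listen_port, secret):
    """Explain why a captured CoA datagram would or would not be accepted."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("RADIUS Length field does not fit the datagram")
    if code not in REQUEST_CODES:
        raise ValueError(f"code {code} is not an RFC 3576 request")
    attrs = payload[20:length]
    expected = request_authenticator(code, ident, attrs, secret)
    return {
        "type": REQUEST_CODES[code],
        "port_match": dst_port == listen_port,
        "authenticator_ok": hmac.compare_digest(expected, payload[4:20]),
    }

if __name__ == "__main__":
    secret = b"constructed-secret"      # constructed sample value
    attrs = bytes([1, 7]) + b"alice"    # User-Name attribute, constructed
    pkt = build_request(43, 7, attrs, secret)
    # Sender uses 1700 (as the thread reports for ISE); listener is on 3799.
    print(diagnose(pkt, dst_port=1700, listen_port=3799, secret=secret))
    # Listener moved to 1700, as in the configuration posted above.
    print(diagnose(pkt, dst_port=1700, listen_port=1700, secret=secret))
```

A result with `port_match` false and `authenticator_ok` true points to the port mismatch discussed here rather than to a shared-secret problem.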

 
