Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Radius COA problem between controller and clearpass

Hi,

I want to use RADIUS CoA between a controller and ClearPass to disconnect a user session with a "Terminate Aruba Session", but it doesn't work.

I have this message in "Access Tracker":

Status Message: Session-Context-Not-Found

In the controller, in the RFC statistics, the "Disconnect Rej" counter increments all the time!

In the AAA log about RFC, I have these messages:

Dec 30 10:36:28 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:1188] Invalid parameters, setting nas_port_type to wireless
Dec 30 10:36:29 :121031: <DBUG> |authmgr| |aaa| [rc_sequence.c:115] seq_num_timeout_handler: Freed 0 entries

Do you have an idea?

My configuration:

CPPM: RADIUS CoA is enabled and using port 3799.

Controller: RFC3746 server defined in AAA profile. Key matches key specified in device details above.

Regards

Yann

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius COA problem between controller and clearpass

Yann Dorval,

Please make sure that the nas-ip-address parameter configured on the controller for ClearPass matches the IP address defined in ClearPass.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Radius COA problem between controller and clearpass

Hi Cjoseph,

Thanks for your answer.

I have checked it.

On my controller:

Capture03.JPG

On my CPPM:

Capture02.JPG

Regards


Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius COA problem between controller and clearpass

Yann Dorval,

Not in the RFC 3576 definition. Check in the Radius Server definition on the controller.

Colin Joseph
Aruba Customer Engineering

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Radius COA problem between controller and clearpass

Cjoseph,

I think it's good

Capture04.JPG

Capture06.JPG

Regards

Yann

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Radius COA problem between controller and clearpass

It's strange because in my Access Tracker -> Accounting -> Network Detail, I have the good NAS-Port-Type:

NAS IP Address: 10.1.8.50:0
NAS Port Type: Wireless-802.11

Regards

Yann

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Radius COA problem between controller and clearpass

In debug aaa you can see 2 messages about the NAS port type:

Capture14.JPG

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Radius COA problem between controller and clearpass

I don't see the CoA server connected to your AAA profile, is it there?

You're not doing anything special with your network, i.e. NATing, firewall in between, ...?

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Radius COA problem between controller and clearpass

Hi boneyard,

Thanks for your reply. For me it's already connected to my AAA profile, see below (RFC 3576 server 10.1.8.7).

The CPPM and Clearpass are in the same VLAN, network, IP range; there is nothing between them.

Capture20.JPG

Regards

Yann

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Radius COA problem between controller and clearpass

And you can't do a CoA on any session? You have checked with a recent session you just logged in with?

The only thing I would try then is to reset all shared secrets, so on the controller (RFC... and RADIUS server) and on ClearPass, with an easy one, just to rule out any copy-paste / fat-finger errors.

After that I would contact TAC (and go through all of the above again first :) ).
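
An added illustration, not part of the thread and not Aruba or ClearPass code: a minimal Python model of how a NAS processes an RFC 3576/5176 Disconnect-Request, showing that the three things checked in this thread (shared secret, NAS-IP-Address, session lookup) each fail in a different, distinguishable way. The function names, the sample session table and matching the session on Calling-Station-Id are assumptions made for the example; Error-Cause 503 is the value RFC 5176 names "Session Context Not Found".

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
NAS_IP_ADDRESS, CALLING_STATION_ID = 4, 31           # RADIUS attribute types
NAS_ID_MISMATCH, SESSION_CONTEXT_NOT_FOUND = 403, 503  # Error-Cause values

# Constructed sample data: NAS address as shown in the thread, MAC invented.
NAS_IP = socket.inet_aton("10.1.8.50")
SESSIONS = {b"001122334455"}


def encode_attrs(attrs):
    # Each attribute is Type (1 octet), Length (1 octet), Value.
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def build_disconnect_request(ident, attrs, secret):
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    # Request Authenticator = MD5(Code+ID+Length + 16 zero octets + attrs + secret)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def parse_attrs(body):
    out, i = {}, 0
    while i + 2 <= len(body) and body[i + 1] >= 2:
        out[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return out


def nas_handle(packet, secret, nas_ip, sessions):
    """Return (code, error_cause), or None when the packet is dropped."""
    header, auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(auth, expected):
        return None  # secret mismatch: modelled here as a drop with no reply
    attrs = parse_attrs(body)
    if attrs.get(NAS_IP_ADDRESS, nas_ip) != nas_ip:
        return DISCONNECT_NAK, NAS_ID_MISMATCH
    if attrs.get(CALLING_STATION_ID) not in sessions:
        return DISCONNECT_NAK, SESSION_CONTEXT_NOT_FOUND
    return DISCONNECT_ACK, None
```

In this model a NAK carrying an Error-Cause can only be produced after the authenticator check has passed, so comparing the identification attributes in the request with what the NAS holds for the session is the check that separates the two NAK cases.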
