Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Radius COA problem

  • 1.  Radius COA problem

    Posted Jun 15, 2018 04:54 AM

    Hey

    Trying to get Radius COA working, but it seems to fail. Getting "No response from network device" for example.

    I have a Clearpass with the IPs 10.16.108.54 (data) and 10.0.0.8 (admin).

    The controller VRRP is 10.0.0.14 and the IPs of the controllers are 10.150.0.3-6.

    Our Cisco in between tells me the following:

    No matching connection for ICMP error message: icmp src admin:10.0.0.14 dst klient:10.16.108.54 (type 3, code 3) on admin interface.  Original IP payload: udp src 10.16.108.54/46798 dst 10.0.0.14/3799.

    This would indicate that udp/3799 is not available at the 10.0.0.14 VRRP interface. I have tried several combinations when enabling COA at device settings in Clearpass and as RFC 3576 server on the controllers.

    Can anyone help me with this one?

    Thanks.



  • 2.  RE: Radius COA problem

    Posted Jun 15, 2018 06:34 AM
    Did you add the controllers' management IPs in ClearPass?
    Make sure that the shared key matches (RADIUS/RFC)



  • 3.  RE: Radius COA problem
    Best Answer

    Posted Jun 15, 2018 06:40 AM

    I just found the solution. The NAS IP was inherited; when setting this to an individual IP for each controller, everything works.

    I guess when sending COA back to the VRRP IP, it cannot handle this, since each controller owns a different session.
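
Added example, not part of the original thread or any vendor tooling: a small parser for the firewall message quoted in the first post that flags RADIUS CoA requests (udp/3799) answered with ICMP port unreachable (type 3, code 3) and notes when the target was a shared virtual IP. The function name `diagnose` and the `virtual_ips` parameter are hypothetical; the second sample line is constructed.

```python
import re

COA_PORT = 3799  # UDP port for RADIUS CoA/Disconnect (RFC 3576, later RFC 5176)

# Matches the firewall message format quoted in the first post.
LINE_RE = re.compile(
    r"icmp src \S+?:(?P<icmp_src>[\d.]+) dst \S+?:(?P<icmp_dst>[\d.]+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\).*?"
    r"Original IP payload: (?P<proto>\w+) "
    r"src (?P<src>[\d.]+)/(?P<sport>\d+) dst (?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def diagnose(line, virtual_ips=frozenset()):
    """Return a finding dict for a rejected CoA request, or None otherwise."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # ICMP type 3 / code 3 means "destination unreachable: port unreachable".
    port_unreachable = (m["type"], m["code"]) == ("3", "3")
    is_coa = m["proto"].lower() == "udp" and int(m["dport"]) == COA_PORT
    if not (port_unreachable and is_coa):
        return None
    target = m["dst"]
    finding = {
        "coa_sender": m["src"],        # the RADIUS server (ClearPass in the thread)
        "coa_target": target,          # address the CoA request was sent to
        "rejected_by": m["icmp_src"],  # host that answered "port closed"
        "target_is_virtual": target in virtual_ips,
    }
    if finding["target_is_virtual"]:
        finding["hint"] = ("CoA was sent to a shared virtual IP; "
                           "use each controller's own IP as NAS IP")
    else:
        finding["hint"] = "UDP 3799 is closed on the device; check its RFC 3576 server config"
    return finding

# First line is the message from the thread; the second is constructed.
SAMPLES = [
    "No matching connection for ICMP error message: icmp src admin:10.0.0.14 "
    "dst klient:10.16.108.54 (type 3, code 3) on admin interface.  Original IP "
    "payload: udp src 10.16.108.54/46798 dst 10.0.0.14/3799.",
    "No matching connection for ICMP error message: icmp src admin:10.150.0.3 "
    "dst klient:10.16.108.54 (type 3, code 1) on admin interface.  Original IP "
    "payload: udp src 10.16.108.54/51000 dst 10.150.0.3/1812.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(diagnose(s, virtual_ips={"10.0.0.14"}))
```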