Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Should I be able to CoA a wpa2-psk mac auth'd session

  • 1.  Should I be able to CoA a wpa2-psk mac auth'd session

    Posted Jul 19, 2018 06:39 AM

    Been using CoA for quite some time now on dot1x connections managed by ClearPass.

    Have a Chromebook running in Kiosk mode that needs network access, so had to put it on our PSK mac-auth'd network.

    If I try using CoA to bounce the "port" I get an administratively prohibited message as shown in the attached image. Am I missing some config on the mobility controller, or can I not CoA a wpa2-psk mauth session?

     



  • 2.  RE: Should I be able to CoA a wpa2-psk mac auth'd session
    Best Answer

    EMPLOYEE
    Posted Jul 19, 2018 06:58 AM

    Maybe you don't have an RFC 3576 profile associated with that AAA profile?

     

    http://community.arubanetworks.com/t5/Security/Issue-with-RFC3576-disconnect/td-p/37952

     



  • 3.  RE: Should I be able to CoA a wpa2-psk mac auth'd session

    Posted Jul 19, 2018 07:21 AM

    Sigh! 

    Yup you're correct, that's what was missing from the configuration

    Thx



  • 4.  RE: Should I be able to CoA a wpa2-psk mac auth'd session

    EMPLOYEE
    Posted Jul 19, 2018 07:49 AM
    Bounce port is used for wired devices. You probably want to be using a Disconnect Message not a CoA. Does your AAA profile have RFC 3576 servers defined?


  • 5.  RE: Should I be able to CoA a wpa2-psk mac auth'd session

    Posted Jul 19, 2018 08:06 AM

    It does now :-(

    Been using bounce port on all our dot1x connected wifi devices and works just fine

     



  • 6.  RE: Should I be able to CoA a wpa2-psk mac auth'd session

    EMPLOYEE
    Posted Jul 19, 2018 08:07 AM
    That CoA has a special use and should not be used for this workflow. Use a Terminate Session instead.


  • 7.  RE: Should I be able to CoA a wpa2-psk mac auth'd session

    Posted Jul 19, 2018 08:08 AM
    Sorry meant terminate-session
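
The "administratively prohibited" wording in the first post matches Error-Cause value 501, which RFC 3576 defines for CoA-NAK and Disconnect-NAK replies. As an added example (not part of the original thread, and not Aruba or ClearPass code), this Python decoder reads such a reply from a capture and checks its Response Authenticator; the sample packet, shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 3576 packet codes for Disconnect and CoA messages
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}
# Subset of RFC 3576 Error-Cause (attribute 101) values
ERROR_CAUSES = {401: "Unsupported Attribute", 404: "Invalid Request",
                501: "Administratively Prohibited",
                503: "Session Context Not Found",
                504: "Session Context Not Removable"}

def parse_reply(packet, request_auth, secret):
    """Decode a CoA/Disconnect reply and verify its Response Authenticator."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not fit the packet")
    attrs = packet[20:length]
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    result = {"code": CODES.get(code, "code %d" % code), "id": ident,
              "authentic": hmac.compare_digest(expected, packet[4:20]),
              "error_cause": None}
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("attribute length out of range")
        if atype == 101 and alen == 6:
            (value,) = struct.unpack("!I", attrs[pos + 2:pos + 6])
            result["error_cause"] = (value, ERROR_CAUSES.get(value, "unknown"))
        pos += alen
    return result

def build_sample_nak(request_auth, secret, cause=501):
    """Constructed CoA-NAK carrying only an Error-Cause attribute."""
    attrs = struct.pack("!BBI", 101, 6, cause)
    header = struct.pack("!BBH", 45, 7, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

# Constructed values, not taken from the thread
REQUEST_AUTH = bytes(range(16))
SECRET = b"example-shared-secret"
SAMPLE = build_sample_nak(REQUEST_AUTH, SECRET)
```

A reply whose `authentic` field is false was not produced with the shared secret configured for that NAS, so its Error-Cause should not be trusted.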