I'm doing dot1x authentication and mac auth on a switch port and also trying to set users VLAN by using the RADIUS CoA. I'm getting the following message in the access tracker on clearpass and it's not setting the VLAN.
Any tips?
Check to make sure that the AAA profile for those ports has CPPM defined as the RFC 3576 server (with the same key as the Network Device definition). Also, make sure Enable RADIUS CoA is enabled on the Network Device configuration for your switch.
Make sure you have CoA (rfc-3576-server) enabled in the AAA profile with the IP address(es) of your ClearPass server.
You can run the command show aaa rfc-3576-server statistics which will show the different types of CoA requests received/processed by the switch.
Another thing to note is the controller-IP or the NAS IP set in the AAA advanced tab under Authentication in the controller. Make sure that whatever the NAS IP is...that is matches on both ends for the CoA to work.
I've added the RFC 3576 server to the aaa profile I'm using on the port.
Here's what the stats show :
It's working for 802.1x auth clients but not for the MAC auth clients.
I just recreated my enforcement profile and it's working now. Not 100% sure why though which is worrying. :smileyfrustrated:
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.
