CX switches by default does not send NAS-IP-Address, we need below radius server group configuration. It is supported from 8.1060/9.1020 release onwards
(config)# aaa radius-attribute group <radius-server-group-name>
shobana-vsf(config-radius-attr)# nas-ip-addr
request-type Configure the request-type.
service-type Configure the service-type RADIUS attribute.
shobana-vsf(config-radius-attr)#
nas-ip-addr request-type bothaccounting Include the attribute in accounting-request packets.
authentication Include the attribute in access-request packets.
both Include the attribute in access-request and
accounting-request packets.
shobana-vsf(config-radius-attr)# nas-ip-addr service-type
user-management Include the attribute for management users RADIUS
access-request packets.
shobana-vsf(config-radius-attr)#
nas-ip-addr service-type user-management------------------------------
Shobana
Aruba
------------------------------
Original Message:
Sent: May 17, 2022 08:53 AM
From: Austin Buckley
Subject: Issue with Radius (Windows NPS) and Aruba 6000 Series Switches
Hello,
I'm having issues with Windows NPS. And getting the below output in event log when attempting to radius into an Aruba 6000 series switch after failing to authenticate. I believe I need to configure a vendor specific attribute (VSA) but couldn't find any clear documentation in configuring it on NPS. I've seen some videos where the VSA is applied to the Network Policy but based on the reason code and the particular conditions I have leads me to believe I need to configure a VSA on the Connection Request Policy.
User:
Security ID: NULL SID
Account Name: User1
Account Domain: -
Fully Qualified Account Name: -
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: -
Calling Station Identifier: 192.168.X.X
NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: sshd
NAS Port-Type: Virtual
NAS Port: 15263
RADIUS Client:
Client Friendly Name: "Friendly Name"
Client IP Address: 192.168.X.X
Authentication Details:
Connection Request Policy Name: -
Network Policy Name: -
Authentication Provider: -
Authentication Server: "Authentication Server"
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 49
Reason: The RADIUS request did not match any configured connection request policy (CRP).
Thank you in advance if anyone has any information regarding my issue.
------------------------------
Austin
------------------------------