Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Multplie Radsec sessions from controller

This thread has been viewed 16 times

  • 1.  Multplie Radsec sessions from controller

    Posted Dec 04, 2020 11:14 AM

    Hi.

    We have configured Radsec towards external Radius server (not Clearpass). Radius authentication and accounting works fine. But CoA fails a lot. We discovered that the controller all the time establish three identical Radsec sessions to the server. And only if server send CoA down the same session to WLC it accepts the CoA-Request. If going down any of the other WLC answers with CoA-NAK and "Session-Context-Not-Found". NAS IP in Radius server is correctly configured. Controller sw is 8.6.0.6. Any advice on this matter?

    BR/Conny



    ------------------------------
    Conny
    ------------------------------


  • 2.  RE: Multplie Radsec sessions from controller

    EMPLOYEE
    Posted Dec 06, 2020 10:10 AM
    Please reach out to Aruba support for this, as this is not a common scenario and may not have been tested (or supported).

    Also, this may be by design to only allow CoA over the RadSec connection that authenticated the client.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 3.  RE: Multplie Radsec sessions from controller

    Posted Dec 07, 2020 02:21 AM

    Hi Herman. Thanks for response. 

    Weird thing here that the controller immediately establish three Radsec sessions to Radius. An Instant AP solution using same Radius do only establish one session. 



    ------------------------------
    Conny Gustavsson
    ------------------------------

    Original Message


  • 4.  RE: Multplie Radsec sessions from controller

    EMPLOYEE
    Posted Dec 07, 2020 04:48 AM
    Conny,

    From the original message, I read that you have 3 different RADIUS servers and a connection to each of those was created. From this, it seems that 3 concurrent connections are set up to the same RADIUS server...

    Please work with Aruba Support. RadSec is a pretty new technology for most organizations, and to my knowledge not widely deployed.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message