Hi Folks,

I'm working on a new ClearPass deployment, and attempting to get CoA working. RADIUS is functioning properly, but I receive the following message when any CoA is attempted: No response from network device

As far as I can tell, I've set everything up properly. Within my network devices, I've selected: Enable RADIUS Dynamic Authorization, and have confirmed port 3799 traffic is observed and allowed through the firewalls.

From a Cisco switch standpoint, I've configured the following (and verified that the secret is correct):

aaa server radius dynamic-author
 client <ip> server-key <key>
 port 3799
 auth-type all

As this is my first deployment, I'm struggling to find anything that may help me to investigate this further - logs, etc. in ClearPass. As mentioned, I can see the request go from ClearPass to the switch in question through the firewalls, so something is happening... The dot1x request succeeds, and the device is allowed access to the network based on the proper Service/profile, etc.

Any troubleshooting help would be greatly appreciated!

Thanks for the responses. The access tracker info shows the correct IP, and I am seeing in the firewall the request to the correct IP as well. As far as firmware and model, these are 9300s running
Cisco IOS XE Software, Version 17.03.05

I was able to get to the bottom of this one. I had to:
1) specify a vrf
2) move the server-key to its own line

aaa server radius dynamic-author
 client <clearpass>
 client <clearpass> vrf management
 server-key <key>
 port 3799
 auth-type all

It would not work with the server-key specified in the client line, and also wouldn't work without the vrf (this one makes sense). Thanks for the help!
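
An added example, not part of the original thread: when a switch gives no response to CoA, one way to rule out the ClearPass side is to take the UDP payload captured on port 3799 and check its RFC 5176 Request Authenticator against the shared secret you believe is configured. The function names, the secret, and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 5176 request codes

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_request(code, ident, attrs, secret):
    """Build a request the way a Dynamic Authorization Client would."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + request_authenticator(code, ident, attrs, secret) + attrs

def check_captured_request(packet, secret):
    """Return (ok, reason) for a UDP payload captured on port 3799."""
    if len(packet) < 20:
        return False, "shorter than RADIUS header"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        return False, "not a CoA/Disconnect request"
    if length < 20 or length > len(packet):
        return False, "bad length field"
    attrs = packet[20:length]
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "authenticator mismatch"
    return True, "authenticator valid"

if __name__ == "__main__":
    # Constructed sample: User-Name "alice", NAS-IP-Address 192.0.2.10
    attrs = attr(1, b"alice") + attr(4, bytes([192, 0, 2, 10]))
    pkt = build_request(43, 7, attrs, b"constructed-secret")
    print(check_captured_request(pkt, b"constructed-secret"))
    print(check_captured_request(pkt, b"what-the-switch-has"))
```

If the captured request validates against the intended secret, the sender is signing correctly and the remaining suspects are on the switch: which key it actually applied to that client, and which VRF it accepts the request in.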