Yes.
Original Message:
Sent: Oct 23, 2023 06:14 PM
From: safranek
Subject: COA on AOS 8
An important question: do the devices use their own "physical" IP address for RADIUS communication, or the VRRP addresses created under the Cluster Profile?
Example:
- MD1:
- Physical IP address: 10.0.0.11
- VRRP IP in cluster profile: 10.0.0.21
- MD2:
- Physical IP address: 10.0.0.12
- VRRP IP in cluster profile: 10.0.0.22
- RADIUS server:
In this case, for example, if the UAC of user1 is MD1, to which IP address is the communication goes from the RADIUS in case of CoA, 10.0.0.11 or 10.0.0.21 is the destination IP address? Because of firewall rules this is an important question, I would need to know if the NAS IPs (10.0.0.21 and 10.0.0.22) are actually used for communication or not?
Does it depend on whether I enter the device's own VRRP address in the "NAS IP" under the RADIUS server profile in the MD configuration? (10.0.0.21 for MD1) If nothing is specified in the RADIUS server profile under "NAS IP", will it send packets with the default mgmt address? (10.0.0.11 for MD1)
Original Message:
Sent: Feb 27, 2020 04:35 AM
From: cjoseph
Subject: COA on AOS 8
You honestly don't need VRRPs for COA to work.
The VRRP ip address created in the Cluster Profile, that automatically creates VRRP IDS from 220 and up are only really used if there is a cluster failover/election, so that the ip address of the NAS stays the same as that in the user's in the access tracker. If there are no cluster failovers between when the user first authenticates and when you expect to do a COA, the cluster VRRP configuration is excess, really. COA will still work without configuring VRRPs in the cluster profile.