Security

last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Issue with RFC3576 disconnect

Jump to Best Answer
This thread has been viewed 2 times
  • 1.  Issue with RFC3576 disconnect

    Posted Jun 21, 2012 08:16 AM

    I have defined the rfc3576 server in the controller.  I have made double sure that the keys match the radius keys on clearpass guest and on the controller.  When I send a disconnect from the cp guest I get this message from cp guest

     

    "Disconnect failed – Administratively Prohibited"
     
    On the controller I get the following:
     
    Jun 21 13:13:57  authmgr[1540]: <520001> <DBUG> |authmgr|  [rc_rfc3576.c:238] IP:0.0.0.0, Name:63954915 sessid=63954915001BB1A74547-02, reqcode=40, rspcode=42, nack=1, error_cause=administratively prohibited
     
    It bothers me that the IP is 0.0.0.0.  Is this normal?  I was expecting this to be the radius server (cp guest) and used to match the corresponding key defined in my config.  If this is indeed the case then this explains the error message.  Not sure where to define that on cp guest (amigopod)


  • 2.  RE: Issue with RFC3576 disconnect
    Best Answer

    Posted Jun 21, 2012 08:18 AM

    Did you associate the RFC3576 server with the AAA profile of the WLAN that needs to do disconnects on the Aruba controller?  It is not enough to define it.  You need to Assign the RFC3576 server to the CPguest AAA profile on the controller.

     



  • 3.  RE: Issue with RFC3576 disconnect

    Posted Jun 21, 2012 08:22 AM

    cj I yield once more to you superior knowledge :smileywink:

     

    You were completely correct, and now it works perfectly.

     

    Cheers!



  • 4.  RE: Issue with RFC3576 disconnect

    Posted Jun 21, 2012 08:24 AM

    @soapdish wrote:

    cj I yield once more to you superior knowledge :smileywink:

     

    You were completely correct, and now it works perfectly.

     

    Cheers!


    Soapdish,

     

    I am just more lucky than you in some situations ;)

     



  • 5.  RE: Issue with RFC3576 disconnect

    Posted Jun 21, 2012 05:33 PM

    Would that be the RADIUS Accounting Server group where you would associate the RFC3576 server with the AAA profile?



  • 6.  RE: Issue with RFC3576 disconnect

    Posted Jun 21, 2012 05:43 PM

    It is below the reset of the settings for our aaa profile - see screenshot below

     

    rfc3576.jpg.jpg



  • 7.  RE: Issue with RFC3576 disconnect

    Posted Nov 18, 2013 02:38 AM

    Awesome.. Helped me a lot!!

     

    Thanks,

    Bharani..