Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

CoA Port Bounce with Cisco ISE and Aruba 2530

This thread has been viewed 101 times
  • 1.  CoA Port Bounce with Cisco ISE and Aruba 2530

    Posted Nov 03, 2020 11:33 AM
    Hi,

    I am actually trying to implemement profiling with the Cisco ISE (2.7 patch2) and Aruba 2530 (SW 16.10.011).
    After profiling the devices, the ISE sends a CoA POrt Bounce to the switch.
    But I am still getting a "Missing attribute" back from the switch.

    On the switch, I have configured the following for CoA:
    radius-server host <IP-address> key <Some Pass>
    radius-server host <IP-address> dyn-authorization
    radius-server host <IP-address> time-window 0

    The CoA-NAKs increase with every attempt.

    On the ISE, I have configured the following for the device profile:


    from a packet dump, I can see that only a few attributes are sent to the switch via CoA:


    Any idea what´s missing here?

    Regards
    Joerg




    ------------------------------
    Joerg Dallhammer
    ------------------------------


  • 2.  RE: CoA Port Bounce with Cisco ISE and Aruba 2530

    MVP GURU
    Posted Nov 04, 2020 02:36 AM
    Hi,

    Use ClearPass ;-)

    You can look https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s11.html#List_Change_of_Authorization

    do you have check also the time on ISE and Switch ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: CoA Port Bounce with Cisco ISE and Aruba 2530

    Posted Nov 04, 2020 06:01 AM
    Hi Alexis,

    thanks for your reply.

    I have checked the document and checked the time on ISE and switch.
    Everything seems to be fine.

    But there are still attributes missing on the CoA that the switch expects.

    Regards
    Joerg

    ------------------------------
    Joerg Dallhammer
    ------------------------------