Did you configure zones? Reason for asking is that lookup of the session information for CoA may only work on ClearPass nodes that are in the same zone.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 16, 2023 10:36 AM
From: centrale
Subject: Clearpass 6.11.5 CoA from Publisher
Hi,
I'm running a Clearpass cluster (6.11.5) with 3 multi-site nodes.
2530 / 2540 /2930f switches and IAP clusters. It's working.
I have a question for wired access:
From Access Tracker, is it normal that I can't bounce on a switch port that hasn't been authenticated by the cluster member I'm connected to on the web interface?
I get the message "No response from network device". With tcpdump, I don't see any traffic on port 3799 from the server.
To make it work, i have to connect to the cluster member (publisher or subscriber) who authenticated the device.
Port 3799 is open and works for all sites. I've tested CoA by modifying the configuration of a switch to put one clearpass server at a time.
I thought you could do this from the publisher. But I may have a configuration problem.
Thank you
Nicolas