Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

COA not working for cisco Wired Guest

This thread has been viewed 3 times

  • 1.  COA not working for cisco Wired Guest

    Posted Jan 01, 2014 05:39 AM

    COA is not working for Cisco Wired Guest for ClearPass, 
    Intial Mac aithentication is success full 
    Moves in to the webauth role for guest registration and guest registration is success full. but the COA doesnt work and does not do the second webauth. Coming out with error " error=No values for param=Radius:IETF:Calling-Station-Id" but i can see that value is populated. 
    My contact number is : +97433176030 
    The Error in the log is below: Also Attaching the exported logs 

    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - Radius_CoA enfProfiles used: Cisco - Terminate Session- 
    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownAutzParams to fetch for RadiusCoAEnfProfiles: : 
    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownNAutzParams to fetch for RadiusCoAEnfProfiles: : Radius:IETF:Calling-Station-Id 
    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id 
    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17474 c=W00000169-01-52c3e890] ERROR Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery 
    2014-01-01 13:06:08,294 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17475 c=W00000169-01-52c3e890] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device 
    2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 h=17479 c=W00000169-01-52c3e890] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr 
    2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 h=17478 c=W00000169-01-52c3e890] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr 
    2014-01-01 13:06:08,297 [RequestHandler-1-0x7ff308fe7700 r=W00000169-01-52c3e890 h=17466 c=W00000169-01-52c3e890] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_SOAP_WEBAUTH Completed ***



  • 2.  RE: COA not working for cisco Wired Guest

    EMPLOYEE
    Posted Jan 01, 2014 05:45 AM
    In your redirect acl make sure you have the following after the .php

    url-redirect=https://cplab.clearpassdemo.com/guest/cisco_guest_3.php?mac=%{Connection:Client-Mac-Address-Colon}


  • 3.  RE: COA not working for cisco Wired Guest

    Posted Jan 01, 2014 05:55 AM

    I do have that in place.. But still doesnt work.

     I see the the calling station id it detects in the format of  hyphen based, Does it create any problem.

     

    You can see in the attachment.

     

     



  • 4.  RE: COA not working for cisco Wired Guest

    EMPLOYEE
    Posted Jan 01, 2014 06:02 AM
    I've never tried it hyphen based but you can try changing the last part to hyphen}

    Also double check the coa is enabled on the switch and passwords are correct.

    I've also seen that issue if coa port 3799 is being blocked.