  • 1.  Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted Apr 26, 2024 01:25 PM

    Hi all, 

    I have configured 802.1X authentication on Aruba 2530 switches (16.11.0018). However, I have a problem with dynamic authorizations (CoA). The Port Bounce and Disconnect CoAs work, but the reauth CoA does not. I see "missing attribute" in the logs of my RADIUS server (Cisco ISE). I can't find any information in the Aruba documentation to help me.

    Below are the RADIUS attributes I've configured on the RADIUS server to make a reauth CoA:

    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    The Bounce port works with the following attributes: 

    HP:HP-Port-Bounce-Host = 0
    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    Disconnect works with the following attributes: 

    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    Thank you for your help.



  • 2.  RE: Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted Apr 26, 2024 01:42 PM

    Awesome!  Would you also consider sharing this on the Cisco ISE Community as well?  https://community.cisco.com/t5/network-access-control/bd-p/discussions-network-access-control




  • 3.  RE: Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted Apr 28, 2024 11:23 AM

    I will do it when it works. I have the configuration for CX 6000 too, and it works.