we are running an Aruba Instant 184.108.40.206 virtual controller with some Access Points (305 series).
We want do integrate an extern RADIUS Server (Packetfence v9) for guest authentification.
The configuration of Packetfence works, the server accepts the RADIUS request from the test client and forces a VLAN reassignment (registration VLAN --> guest VLAN).
But the next step fails with the error message „Error-Cause = Session-Context-Not-Found " or
" Error handling desAssociate : Undefined subroutine &pf::Switch::Aruba::Instant_Access::perform_disconnect called at /usr/local/pf/lib/pf/Switch/Aruba/Instant_Access.pm line 85.".
A log file you can find as a attachment.
I read, that Aruba controllers/access points need specific RADIUS atributes, which Packetfence can’t deliver with standard settings.
How can I configure the Aruba Controller/Packetfence, so that the RADIUS Reply of Packetfence will accepted?
Thank you in advance!
I'm not familiar with Packetfence, but reading the error message it seems to me that it does not have the code programmed (yet) to issue a CoA to an Aruba Instant. You may try configuring your Instant AP as a controller and see if CoA work for a controller. If that doesn't work, you probably will need request support in Packetfence.
By the way, switching VLANs is a very poor way to implement guest, and switching VLANs on a live connection is asking for trouble in general as clients mostly won't see that they need to get a new IP address after the switch. With Aruba, you have user roles, which can change firewall rules to open after authentication while keeping the AP in the same VLAN, which I would use instead.
you are right, there was a part of code missing in Packetfence. I updated the progamm code, now it's working fine.
Thank you very much for your reply!
We are very interested in implementing a similar (if not identical) setup to what you have done. We are running instant (100 AP-515) and would like to implement PacketFence. Would you be willing to share the modifications you needed to make? Did you end up implementing using Aruba roles (vs. VLAN change)?
OSPimenta | Operating System Pimenta
The above article is a good one for the Aruba VC with PacketFence Configuration
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.