We are running latest CPPM code 6.4.1.30651 and Aruba Instant code 6.4.2.0
We are trying to implement CoA to force clients to re-authenticate after a certain
time period.
The problem is we see this working with Aruba controller code but NOT with instant.
Any ideas?
cheers
Pete
From ClearPass you can set an radius attribute with session-timeout on the enforcement profile
If you use session-timeout, make sure you have RADIUS accounting enabled.
Valid point by cappalli..
Thanks for reply.
We have accounting enabled and all works fine, but we have to issue a CoA at specific times
for the solution to work.
My question is does CoA work between Instants and CPPM?
pete
p.s. works great with controller
Yes, CoA should work with Instant. Can you try to manually issue a CoA from access tracker and see if it gives you an error?
already tried that same result.
Tim,
extract from CPPM Access Tracker,
:-
Date and Time Oct 08, 2014 13:10:22 BSTApplication Name Policy ManagerRADIUS CoA Action Type DisconnectRADIUS CoA Action Name [Aruba Terminate Session]Status Code 0Status Message Radius [Aruba Terminate Session] failed for client 00224360da63RADIUS CoA Attributes Calling-Station-Id = 00224360da63
yes that is enabled
just to let you know we are sourcing the radius traffic from the DRP IP address
not from the VC. All radius traffic works fine with this but i am wondering if the
CoA works with this.
Do you have RFC 3576 enabled in your RADIUS server configuration in Instant?
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.