Security

Reply
Highlighted
Occasional Contributor II

Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

Hello,

 

I have a problem with the clearpass when I send a Radius Coa to the switch. It always gives me the same error: 

0000:00:25:52.77 RAD tRadiusR:DISCONNECT REQUEST id: 7 from 10.253.27.12
DROPPED, Invalid packet authenticator.

I have no problem in the validation user through 802.1x. It works well and in Clearpass validates, however when I send an RCoa the switch does not respond and makes a drop of the package.

This is what I have configured in the switch:

 

radius-server host 10.253.27.12 encrypted-key "encripted_key"
radius-server host 10.253.27.12 dyn-authorization
radius-server host 10.253.27.12 time-window 0

 

SW(config)# sh radius

Status and Counters - General RADIUS Information

Deadtime (minutes) : 0
Timeout (seconds) : 5
Retransmit Attempts : 3
Global Encryption Key :

Dynamic Authorization UDP Port : 3799
Source IP Selection : 192.168.116.13
Source IPv6 Selection : Outgoing Interface
Tracking : Disabled

Auth Acct DM/ Time |
Server IP Addr Port Port CoA Window |
--------------- ----- ----- --- ------ +

Encryption Key
-----------------------------------------------------------------------------------------
10.253.27.12 1812 1813 Yes 0 | encripted_key


                                    Disc      Disc    Disc    CoA     CoA   CoA
IP Address                 Reqs   ACKs  NAKs   Reqs   ACKs   NAKs
---------------                 -------- --------  --------   --------  --------  --------
10.253.27.12                 12      0          0       3            0            0

Can you help me?

 

TY

MVP Guru

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

check whether below setting configured properly

  • RFC server IP configuration and shared secret
  • Port 3799 is allowed
  • What type of Radius CoA template you are using?
Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP
MVP

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

.

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Occasional Contributor II

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

Hi,

 

  • RFC server IP configuration and shared secret --> Yes, i can do 802.1x.
  • Port 3799 is allowed--> Yes, i receive in switch radius coa
  • What type of Radius CoA template you are using? --> [ArubaOS - Terminate Session]
  • Another one--> Same NTP Server

I try with differents templates for Radius_Coa and ever i receive same error --> Invalid Packet Authenticator.

Guru Elite

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

Looks like you want a Disconnect, not a CoA. Use the [ArubaOS Switching – Terminate Session] profile.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

I want a radius coa, i use [ArubaOS switching - Terminate sesion] but i can use other, only want radius coa work fine.

 

I try a diferents templates but none works 

Guru Elite

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

If you’re trying to Disconnect the user, it’s a Disconnect, not a CoA. [ArubaOS Switching - Terminate Session] is the correct enforcement profile.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Aruba Switch 2530 - Error Radius Coa - Invalid packet authenticator

Nice, i change profile, now i send Coa but i ve same error: invalid packet authenticator.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: