Security

Reply
Contributor I

Can we send any attributes with Access-Reject

Hello,

 

Suppose I have a client connected to a switch port and tries MAC authentication and gets an access-reject, can i send some radius attribute with that access-reject message using CPPM and if yes can you point me to how I can configure that.

 

Thanks

MVP Guru

Re: Can we send any attributes with Access-Reject

could you elaborate more on your requirment, do you want to integrate switch with CPPM server to do wired mac authentication?

 

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Can we send any attributes with Access-Reject

Yes, we're doing wired mac authentication, the idea is that if an unknown endpoint tries mac authentication, the CPPM can send an access-reject with a redirect url for web authentication. I know we can configure CPPM to send a redirect url attribute with an access-accept message even for uknown clients but there is a slight limitation on the switch side which currently requires the attribute to come with a reject message. I also checked the RFC which allows sending any number of attributes with a reject message. 

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: