Security

Reply
Highlighted
Occasional Contributor II

Clearpass + Aruba 2930f bounce port CoA OR terminate session CoA dont work

Hi, I have an  issue with ClearPass and aruba 2930f switch RADIUS CoA

When I try to bounce or terminate 802.1X session on switch from ClearPass I receive these errors

 

 

 

Aruba 2930f  configuration

radius-server host 192.168.77.87 key "Asdf12345"
radius-server host 192.168.77.87 dyn-authorization
radius-server host 192.168.77.87 time-window plus-or-minus-time-window
radius-server host 192.168.77.87 time-window 10000
no telnet-server
ip default-gateway 192.168.77.253
ip source-interface radius vlan 177
ip client-tracker trusted

 

aaa server-group radius "DEMO" host 192.168.77.87
aaa accounting update periodic 3
aaa accounting network start-stop radius server-group "DEMO"

 

aaa authentication port-access eap-radius server-group "DEMO"
aaa authentication mac-based chap-radius server-group "DEMO"
aaa port-access authenticator 2
aaa port-access authenticator active
aaa port-access mac-based 1

 

 

 

Dynamic authorization LOG

 

Aruba-2930F-8G-PoEP-2SFPP(config)# show radius host 192.168.77.87 dyn-authori
zation

Status and Counters - RADIUS Dynamic Authorization Information


Authorization Client IP Address : 192.168.77.87
Unknown PKT Types Received : 0

Disc-Reqs : 0 CoA-Reqs : 3
Disc-Reqs Authorize Only : 0 CoA-Reqs Authorize Only : 0
Disc-ACKs : 0 CoA-ACKs : 0
Disc-NAKs : 0 CoA-NAKs : 0
Disc-NAKs Authorize Only : 0 CoA-NAKs Authorize Only : 0
Disc-NAKs No Ses. Found : 0 CoA-NAKs No Ses. Found : 0
Disc-Reqs Ses. Removed : 0 CoA-Reqs Ses. Changed : 0
Disc-Reqs Malformed : 0 CoA-Reqs Malformed : 0
Disc-Reqs Bad Authentic. : 0 CoA-Reqs Bad Authentic. : 0
Disc-Reqs Dropped : 0 CoA-Reqs Dropped : 3

 

 

Aruba-2930F-8G-PoEP-2SFPP(config)# show version

Image stamp:
/ws/swbuildm/rel_yakima_qaoff/code/build/lvm(swbuildm_rel_yakima_qaoff_rel_yaki
ma)
Nov 21 2018 05:11:34
WC.16.08.0001
157
Boot Image: Primary

Boot ROM Version: WC.16.01.0004
Active Boot ROM: Primary

 

 

 

 

 

 

Aruba-2930F-8G-PoEP-2SFPP(config)# show port-access clients 2 detailed

Port Access Client Status Detail

Client Base Details :
Port : 2 Authentication Type : 802.1x
Client Status : authenticated Session Time : 857 seconds
Client name : host/PC1.DOMAIN1.LT Session Timeout : 0 seconds
MAC Address : d4bed9-6dce74
IP : 192.168.77.230

Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 177 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 100FDx
RADIUS ACL List : No Radius ACL List
Auth Order : Not Set
Auth Priority : Not Set
LMA Fallback : D

 

 

 

 

 

 

Aruba-2930F-8G-PoEP-2SFPP(config)# show radius

Status and Counters - General RADIUS Information

Dead RADIUS server are preceded by *

Deadtime (minutes) : 0
Timeout (seconds) : 5
Retransmit Attempts : 3
Global Encryption Key :
Dynamic Authorization UDP Port : 3799
Source IP Selection : 192.168.77.96
Source IPv6 Selection : Outgoing Interface
Tracking : Disabled
Request Packet Count : 3
Track Dead Servers Only : Disabled
Tracking Period (seconds) : 300
CPPM Identity :

Auth Acct DM/ Time |
Server IP Addr Port Port CoA Window | Encryption Key OOBM
--------------- ----- ----- --- ------ + ----------------------------------------------------------------------------------------- ----
192.168.77.87 1812 1813 Yes 10000 | Asdf12345 No

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: