Hi, I have an issue with ClearPass and aruba 2930f switch RADIUS CoA
When I try to bounce or terminate 802.1X session on switch from ClearPass I receive these errors
Aruba 2930f configuration
radius-server host 192.168.77.87 key "Asdf12345"
radius-server host 192.168.77.87 dyn-authorization
radius-server host 192.168.77.87 time-window plus-or-minus-time-window
radius-server host 192.168.77.87 time-window 10000
no telnet-server
ip default-gateway 192.168.77.253
ip source-interface radius vlan 177
ip client-tracker trusted
aaa server-group radius "DEMO" host 192.168.77.87
aaa accounting update periodic 3
aaa accounting network start-stop radius server-group "DEMO"
aaa authentication port-access eap-radius server-group "DEMO"
aaa authentication mac-based chap-radius server-group "DEMO"
aaa port-access authenticator 2
aaa port-access authenticator active
aaa port-access mac-based 1
Dynamic authorization LOG
Aruba-2930F-8G-PoEP-2SFPP(config)# show radius host 192.168.77.87 dyn-authori
zation
Status and Counters - RADIUS Dynamic Authorization Information
Authorization Client IP Address : 192.168.77.87
Unknown PKT Types Received : 0
Disc-Reqs : 0 CoA-Reqs : 3
Disc-Reqs Authorize Only : 0 CoA-Reqs Authorize Only : 0
Disc-ACKs : 0 CoA-ACKs : 0
Disc-NAKs : 0 CoA-NAKs : 0
Disc-NAKs Authorize Only : 0 CoA-NAKs Authorize Only : 0
Disc-NAKs No Ses. Found : 0 CoA-NAKs No Ses. Found : 0
Disc-Reqs Ses. Removed : 0 CoA-Reqs Ses. Changed : 0
Disc-Reqs Malformed : 0 CoA-Reqs Malformed : 0
Disc-Reqs Bad Authentic. : 0 CoA-Reqs Bad Authentic. : 0
Disc-Reqs Dropped : 0 CoA-Reqs Dropped : 3
Aruba-2930F-8G-PoEP-2SFPP(config)# show version
Image stamp:
/ws/swbuildm/rel_yakima_qaoff/code/build/lvm(swbuildm_rel_yakima_qaoff_rel_yaki
ma)
Nov 21 2018 05:11:34
WC.16.08.0001
157
Boot Image: Primary
Boot ROM Version: WC.16.01.0004
Active Boot ROM: Primary
Aruba-2930F-8G-PoEP-2SFPP(config)# show port-access clients 2 detailed
Port Access Client Status Detail
Client Base Details :
Port : 2 Authentication Type : 802.1x
Client Status : authenticated Session Time : 857 seconds
Client name : host/PC1.DOMAIN1.LT Session Timeout : 0 seconds
MAC Address : d4bed9-6dce74
IP : 192.168.77.230
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 177 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 100FDx
RADIUS ACL List : No Radius ACL List
Auth Order : Not Set
Auth Priority : Not Set
LMA Fallback : D
Aruba-2930F-8G-PoEP-2SFPP(config)# show radius
Status and Counters - General RADIUS Information
Dead RADIUS server are preceded by *
Deadtime (minutes) : 0
Timeout (seconds) : 5
Retransmit Attempts : 3
Global Encryption Key :
Dynamic Authorization UDP Port : 3799
Source IP Selection : 192.168.77.96
Source IPv6 Selection : Outgoing Interface
Tracking : Disabled
Request Packet Count : 3
Track Dead Servers Only : Disabled
Tracking Period (seconds) : 300
CPPM Identity :
Auth Acct DM/ Time |
Server IP Addr Port Port CoA Window | Encryption Key OOBM
--------------- ----- ----- --- ------ + ----------------------------------------------------------------------------------------- ----
192.168.77.87 1812 1813 Yes 10000 | Asdf12345 No