Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Juniper WLC + ClearPass Guest: Disconnect / Missing Attributes

This thread has been viewed 0 times

  • 1.  Juniper WLC + ClearPass Guest: Disconnect / Missing Attributes

    Posted Oct 14, 2016 08:35 AM

    Hi,



    we have a setup of Trapeze/Juniper WLC and ClearPass Guest at one of our customers where ClearPass Guest is providing the captive portal to the WLAN clients connected to the Juniper WLAN hardware. Authentication seems to work properly with a combination of MAC Auth and Web Auth to send a RADIUS CoA to the WLC. Setup was done according the ClearPass Guest on Juniper WLC documenation in arubapedia.

    We also want to disconnect the guests via the disconnect button in ClearPass Guest -> Active Sessions. This does not seem to work due to missing attributes, see log of WLC below:

    AAA Sep 20 16:22:48.828279 DEBUG (0) RADIUS: DISCONNECT_REQUEST <22,43167,10.10.0.52> lport=3799, len=20
AAA Sep 20 16:22:48.828522 DEBUG (0) RADIUS: NACK: request has no NAS-IP-Address attributes
AAA Sep 20 16:22:48.828611 DEBUG (0) RADIUS: request has no User-Name attribute

    Does anyone know how to adjust the CoA or its attributes for the Disconnect-Request?

    Thanks in advance.



    
Kind Regards,
    Stephan