I configured ClearPass for wireless authentication. Authentication for wireless 802.1x via MS-PEAP and captive portal is working without problems. I am using AeroHive access-points for the wireless networks.
ClearPass is configured with 2 NIC’s. One in the production environment and one in an internet-only segment. Clients connect to the AeroHive SSID and get a captive portal. I receive the RADIUS request in ClearPass and authentication works fine. I see the AeroHive IP address as NAS IP Address in the RADIUS request. The only thing that isn’t working is a CoA request. I would like to disconnect an active session. Within the guest portal I go to Guest – Active Session. I choose a guest user and click “Disconnect”. I receive the following error message (also attachment active-guest-error).
Error disconnecting session for user testuser. Please check ClearPass Policy Manager -> Access Tracker for more details.
When I check the Access Tracker, I don’t get any new logging information about the failure. I can also change the status from the Access Tracker by clicking Change Status. This doesn't work either, because I receive the following message (also attachment access-tracker-error).
No advertised access control capabilities for this MAC Address
I added every single AeroHive AP as Network Device and enabled RADIUS CoA (attachment aerohive). RADIUS authentication is working like a charm. Accounting is also working fine, because I can see the bandwidth consumption from the client.