07-15-2019 05:01 AM - edited 07-15-2019 06:59 AM
we are running an Aruba Instant 22.214.171.124 virtual controller with some Access Points (305 series).
We want do integrate an extern RADIUS Server (Packetfence v9) for guest authentification.
The configuration of Packetfence works, the server accepts the RADIUS request from the test client and forces a VLAN reassignment (registration VLAN --> guest VLAN).
But the next step fails with the error message „Error-Cause = Session-Context-Not-Found " or
" Error handling desAssociate : Undefined subroutine &pf::Switch::Aruba::Instant_Access::perform_disconnect called at /usr/local/pf/lib/pf/Switch/Aruba/Instant_Access.pm line 85.".
A log file you can find as a attachment.
I read, that Aruba controllers/access points need specific RADIUS atributes, which Packetfence can’t deliver with standard settings.
How can I configure the Aruba Controller/Packetfence, so that the RADIUS Reply of Packetfence will accepted?
Thank you in advance!
Solved! Go to Solution.
07-16-2019 12:03 AM
I'm not familiar with Packetfence, but reading the error message it seems to me that it does not have the code programmed (yet) to issue a CoA to an Aruba Instant. You may try configuring your Instant AP as a controller and see if CoA work for a controller. If that doesn't work, you probably will need request support in Packetfence.
By the way, switching VLANs is a very poor way to implement guest, and switching VLANs on a live connection is asking for trouble in general as clients mostly won't see that they need to get a new IP address after the switch. With Aruba, you have user roles, which can change firewall rules to open after authentication while keeping the AP in the same VLAN, which I would use instead.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).