Contributor II

RFC 3576 with Cisco ISE

We're in the process of testing a Cisco ISE appliance and one feature I'm trying to get to work is RFC 3576 / AKA COA.  It seems however that Cisco has decided to use UDP port 1700 instead of the RFC standard of 3799.  Also, it doesn't seem to be possible to change this on the Cisco side and they have indicated that it would have to be added as a feature request.


What I'm wondering is if Aruba might consider adding in the port number in the ArubaOS configuration so we can specify which port to listen on for COA packets?

Super Contributor I

Re: RFC 3576 with Cisco ISE

You can configure the port in clearpass for COA when you set up the NAS device. FYI.

Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
New Contributor

Re: RFC 3576 with Cisco ISE

But is it possible to change the port on the Aruba controller to 1700?




Guru Elite

Re: RFC 3576 with Cisco ISE

No. Aruba followed the standard.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: RFC 3576 with Cisco ISE

Did you try this?


(Aruba650) #configure terminal

Enter Configuration commands, one per line. End with CNTL/Z

(Aruba650) (config) #firewall cp

(Aruba650) (config-fw-cp) #permit proto 17 ports 1700 1700

(Aruba650) (config-fw-cp) #exit

(Aruba650) (config) #ip radius rfc-3576-server udp-port 1700

(Aruba650) (config) #end


I saw this here


Search Airheads
Showing results for 
Search instead for 
Did you mean: