Security

Reply
Frequent Contributor I

Radius COA problem between controller and clearpass

Hi,

 

I want to use Radius CoA between a controler and Clearpass for disconnect user session with a "Terminate Aruba Session" but it doesn't work.

I have this messge in "acccess tracker"

 

Status MessageSession-Context-Not-Found

 

 

In the controler,

 

in the RFC Statistics,  all the time the "Disconnect Rej" increment  !!!

 

in the log of aaa about RFC, i have the message  : 

Dec 30 10:36:28 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:1188] Invalid parameters, setting nas_port_type to wireless
Dec 30 10:36:29 :121031: <DBUG> |authmgr| |aaa| [rc_sequence.c:115] seq_num_timeout_handler: Freed 0 entries

 

Do you have an idea ?

 

My configuration : 

CPPM: RADIUS CoA is enabled and using port 3799.

Controller: RFC3746 server defined in AAA profile. Key matches key specific in device details above.

 

Regards

 

Yann

 

 

 

 

Guru Elite

Re: Radius COA problem between controller and clearpass

Yann Dorval,

 

Please make sure that the nas-ip-address parameter configured on the controller for clearpass matches the ip address defined in ClearPass


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: Radius COA problem between controller and clearpass

Hi Cjoseph,

 

Thanks for your answer : 

 

i have check it

 

On my controler : 

Capture03.JPG

 

On my CPPM

 

Capture02.JPG

 

regards

 

 

 


Guru Elite

Re: Radius COA problem between controller and clearpass

Yann Dorval,

 

Not in the RFC 3576 definition.  Check in the Radius Server definition on the controller.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: Radius COA problem between controller and clearpass

Cjoseph,

 

I think it's good

 

Capture04.JPG

Capture06.JPG

 

Regards

 

Yann

Frequent Contributor I

Re: Radius COA problem between controller and clearpass

It's strange because in my Access Tracker -> Accounting -> Networ Detail, i have the good NAS-Port-Type

 

NAS IP Address:
10.1.8.50:0
NAS Port Type:
Wireless-802.11

 

regards

 

Yann

Frequent Contributor I

Re: Radius COA problem between controller and clearpass

in debug aaa you can see, 2 msg about the NAS port Type

 

Capture14.JPG

Trusted Contributor I

Re: Radius COA problem between controller and clearpass

i don't see the COA server connected to your AAA profile, is it there?

 

your not doing anything special with your network, i.e. NATing, firewall in between, ...?

Frequent Contributor I

Re: Radius COA problem between controller and clearpass

hi boneyard,

 

thanks for your reply, for me it's already connected to my aaa profile, see below ( RFC 3576 server 10.1.8.7).

The CPPM and Clearpass are in the same VLAN, network, IP range,  there are nothing between each.

 

Capture20.JPG

 

Regards

 

Yann 

Trusted Contributor I

Re: Radius COA problem between controller and clearpass

and you can't do an CoA on any session? you have check with a recent session you just logged in with?

 

only thing i would try then is to reset all shared secrets, so on controller (RFC... and radius server) and on clearpass with an easy one. just to rule out any copy paste / fat finger errors.

 

after that i would contact TAC (and go through all of the above again first :) ).

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: