06-15-2018 01:53 AM
Trying to get Radius COA working, but it seems to fail. Getting "No response from network device" for example.
I have a Clearpass with the IP's 10.16.108.54 (data) and 10.0.0.8 (admin).
The controller VRRP is 10.0.0.14 and the IPs of the controllers are 10.150.0.3-6.
Our Cisco in between tells me the following:
No matching connection for ICMP error message: icmp src admin:10.0.0.14 dst klient:10.16.108.54 (type 3, code 3) on admin interface. Original IP payload: udp src 10.16.108.54/46798 dst 10.0.0.14/3799.
This would indicate that the udp/3799 are not available at the 10.0.0.14 vrrp interface. I have tried several combination when enabling COA at device settings in Clearpass and as RFC 3576 server on the controllers.
Can anyone help me with this one ?
Solved! Go to Solution.
Re: Radius COA problem
06-15-2018 03:33 AM
Make sure that the shared key matches (RADIUS/RFC)
Sent from Mail for Windows 10
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
06-15-2018 03:39 AM
I just found the solution. The NAS ip was inherited, when setting this to individual ip for each controller, everything works.
I guess when sending COA back to VRRP ip, it cannot handle this, since each controller owns the diffrent session.