Radius COA problem

Hey

Trying to get Radius COA working, but it seems to fail. Getting "No response from network device", for example.

I have a ClearPass with the IPs 10.16.108.54 (data) and 10.0.0.8 (admin).

The controller VRRP is 10.0.0.14 and the IPs of the controllers are 10.150.0.3-6.

Our Cisco in between tells me the following:

No matching connection for ICMP error message: icmp src admin:10.0.0.14 dst klient:10.16.108.54 (type 3, code 3) on admin interface.  Original IP payload: udp src 10.16.108.54/46798 dst 10.0.0.14/3799.

This would indicate that udp/3799 is not available at the 10.0.0.14 VRRP interface. I have tried several combinations when enabling COA at device settings in ClearPass and as RFC 3576 server on the controllers.

Can anyone help me with this one?

Thanx.

Regards
Jon

Re: Radius COA problem

Did you add the controllers' management IPs in ClearPass?
Make sure that the shared key matches (RADIUS/RFC).

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Radius COA problem

I just found the solution. The NAS IP was inherited; when setting this to an individual IP for each controller, everything works.

I guess when sending COA back to the VRRP IP, it cannot handle this, since each controller owns a different session.

Regards
Jon
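
The firewall message quoted in the first post can be checked mechanically. The following is an added example, not part of the thread or of any vendor tooling: it parses log lines of that shape and reports RADIUS CoA requests (udp/3799) that the target itself answered with ICMP port unreachable (type 3, code 3). The function names and the `vip_addresses` parameter are hypothetical, and the log format is assumed to match the quoted line.

```python
import re

# Sample input: the firewall message as quoted in the first post.
SAMPLE = (
    "No matching connection for ICMP error message: icmp src admin:10.0.0.14 "
    "dst klient:10.16.108.54 (type 3, code 3) on admin interface.  "
    "Original IP payload: udp src 10.16.108.54/46798 dst 10.0.0.14/3799."
)

COA_PORT = 3799  # dynamic authorization (CoA/Disconnect) port, RFC 3576 / RFC 5176

# Assumed format: only the shape of the quoted line is handled.
PATTERN = re.compile(
    r"icmp src (?P<src_if>[\w-]+):(?P<icmp_src>[\d.]+) "
    r"dst (?P<dst_if>[\w-]+):(?P<icmp_dst>[\d.]+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\).*?"
    r"Original IP payload: (?P<proto>\w+) src (?P<orig_src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<orig_dst>[\d.]+)/(?P<dport>\d+)"
)

def parse_icmp_error(line):
    """Return the fields of one ICMP-error log line, or None if it does not match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("type", "code", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields

def coa_rejections(lines, vip_addresses=()):
    """List CoA requests whose target replied 'port unreachable' itself."""
    findings = []
    for line in lines:
        e = parse_icmp_error(line)
        if e is None or (e["type"], e["code"]) != (3, 3):
            continue  # not destination unreachable / port unreachable
        if e["proto"] != "udp" or e["dport"] != COA_PORT:
            continue  # the rejected packet was not a CoA request
        if e["icmp_src"] != e["orig_dst"]:
            continue  # error came from a hop in between, not from the target
        findings.append({
            "coa_sender": e["orig_src"],
            "coa_target": e["orig_dst"],
            # True when the RADIUS server is addressing a shared (VRRP) address
            "target_is_vip": e["orig_dst"] in vip_addresses,
        })
    return findings

if __name__ == "__main__":
    for finding in coa_rejections([SAMPLE], vip_addresses={"10.0.0.14"}):
        print(finding)
```

A finding with `target_is_vip` set matches the situation resolved in the last post, where the NAS IP had to be set per controller instead of being inherited.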