Security

Reply
Frequent Contributor II

Radius CoA Bounce Host-Port Failed

Hi all,

 

I'm having an issue with Radius CoA, which doesn't work as I expected. What I'm trying to do is to use CPPM to authenticate a device based on its MAC address, then profile it and after that have CPPM send bounce host-port message to the switch to assign proper VLAN for that device. The authentication and profiling process have worked well so far. However, I got stuck at CoA step:

Summary.png

 

hpe_failed.png

 

I'm using an Aruba 5400 switch for testing. I tried changing the CoA profile to Aruba Bounce Host-Port (instead of HPE Bounce Host-Port), but it didn't work either:

aruba_failed.png

 

I checked the switch and look like it did receive CoA messages from CPPM:

radius_dyn_author.png

 

Below is my configuration on CPPM and Aruba switch:

cppm.png

 

switch.png

 

Please tell me what I did wrong. I really appreciate your help.

 

Thank you,

Frequent Contributor II

Re: Radius CoA Bounce Host-Port Failed

Hi,

 

Can anyone share your ideas on this? Where should I check next to make it work?

 

Thank you,

Guru Elite

Re: Radius CoA Bounce Host-Port Failed

What message do you get when try it manually from Access Tracker?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Radius CoA Bounce Host-Port Failed

Hi cappali,

 

I got ACCEPT message from Radius server but the Radius CoA tab showed that bounce host-port had failed.

 

aruba_failed.png

Guru Elite

Re: Radius CoA Bounce Host-Port Failed

Are both the switch and ClearPass server using NTP?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: