Security

Reply
Valued Contributor I

Should I be able to CoA a wpa2-psk mac auth'd session

Been using CoA for quite some time now on  dot1x connections managed by clearpass.

 

Have a chromebook runing in Kiosk mode that need netword access so had to put it on our PSK mac-auth;d network.

 

If I try using CoA to bounce the "port" I get an administrativly prohibited message as shown in the attached.  image. Am I misssing some config on the mobility controller, or can I not CoA a wpa2-psk mauth session ?

 

Guru Elite

Re: Should I be able to CoA a wpa2-psk mac auth'd session

Maybe you don't have an RFC 3576 profile associated with that AAA profile?

 

http://community.arubanetworks.com/t5/Security/Issue-with-RFC3576-disconnect/td-p/37952

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Valued Contributor I

Re: Should I be able to CoA a wpa2-psk mac auth'd session

Sigh! 

Yup you're correct, thats whatw as missing from the configuration

Thx

Guru Elite

Re: Should I be able to CoA a wpa2-psk mac auth'd session

Bounce port is used for wired devices. You probably want to be using a Disconnect Message not a CoA. Does your AAA profile have RFC 3576 servers defined?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Valued Contributor I

Re: Should I be able to CoA a wpa2-psk mac auth'd session

It does now :-(

been using bounce port on all our dot1x connected wifi deficea and works just fine

 

Guru Elite

Re: Should I be able to CoA a wpa2-psk mac auth'd session

That CoA has a special use and should not be used for this workflow. Use a Terminate Session instead.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Valued Contributor I

Re: Should I be able to CoA a wpa2-psk mac auth'd session

Sorry meant terminate-session
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: