Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

UnknownAutzParams - Juniper / Trapeze CoA

  • 1.  UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 11:42 AM

    Hi Everyone,

     

    I am trying to send a CoA request to a Juniper (Trapeze) WLC 880R. 

     

    I am getting the following errors in the logs from the Enforcement Policy.

     

    DEBUG Core.PETaskRadiusCoAEnfProfileBuilder - Adding attr=Radius:IETF:NAS-IP-Address|value=%{Application:WebLoginURL:portal_ip} to the EnforcementProfile outlist
    DEBUG Core.PETaskRadiusCoAEnfProfileBuilder - Adding attr=Radius:IETF:Calling-Station-Id|value=%{Connection:Client-Mac-Address-Colon} to the EnforcementProfile outlist
    DEBUG Core.PETaskRadiusCoAEnfProfileBuilder - Adding attr=Radius:IETF:Filter-Id|value=ClusterPermitALL.in to the EnforcementProfile outlist
    DEBUG Core.PETaskRadiusCoAEnfProfileBuilder - Adding attr=Radius:Trapeze:Trapeze-CoA-Username|value=%{Authentication:Username} to the EnforcementProfile outlist
    DEBUG Core.PETaskRadiusCoAEnfProfileBuilder - buildParamsToFetch: Building parameters to fetch for RadiusCoAEnforcement
    INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownAutzParams to fetch for RadiusCoAEnfProfiles: :
    INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownNAutzParams to fetch for RadiusCoAEnfProfiles: :

     

    I can see no payload even arriving at the receiving WLC.

     

    Any ideas?

     

    Thanks,

     

    Jaggie

    CP 6.6



  • 2.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 12:08 PM

    Try this and see if it works:

    Screen Shot 2016-04-21 at 12.06.50 PM.png



  • 3.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 12:57 PM

    Hi Victor,

     

    I added the Framed IP Address as this was the only thing that was different in my policy to your screenshot.

     

    I am assuming that the order doesn't make any difference?

     

    Thanks,

     

    Jaggie



  • 4.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 02:01 PM
    No



  • 5.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 02:03 PM

    Unfortunately I have the exact same error.

     

    Thanks,

     

    John



  • 6.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 02:39 PM
    Do you have accounting enabled on the Trapeze WLC?



  • 7.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 03:02 PM

    Nope, accounting is not enabled, but I have added the CP server as a DAC server on the WLC.

     

    I have other DAC servers that can make CoA requests to these WLCs and accounting is not enabled for them either.

     

    Thanks,

     

    Jaggie



  • 8.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 03:14 PM
    I ran into an issue with CoA and Trapeze when accounting was enabled.

    Also, how do you have the Trapeze WLC identified under network devices?



  • 9.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 03:23 PM

    Accounting is enabled on CP but not on the Juniper WLC.

     

    CP is doing accounting for an Aruba Mobility Controller.

     

    The device is declared as "Trapeze" but I have also tried to swap this to "Juniper" with the same error.

     

    Thanks,

     

    Jaggie



  • 10.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 21, 2016 07:22 PM
    Please change it to IETF as the vendor name.


  • 11.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 22, 2016 02:31 AM

    Hi,

     

    Changing it to IETF shows the same error.

     

     

    Thanks,

     

    Jaggie



  • 12.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Apr 23, 2016 11:31 AM
    Hi Victor,

    Do you have any other ideas?

    Thanks,

    Jaggie


  • 13.  RE: UnknownAutzParams - Juniper / Trapeze CoA

    Posted Sep 28, 2016 03:18 AM

    Having the very same issue on ClearPass 6.6.2: when sniffing the network, no CoA leaves the ClearPass. I had the setup partially working on 6.6.1, but the CoA was only sent sometimes (often not during the first auth but then with the second try). This applies to MAC auth (MAC caching). Webauth (portal) worked fine but also broke during further testing (same enforcement profile).

     

    Any ideas, someone?