Security

 View Only
last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Dynamic Authorization attributes for CoA type reauth with Cisco ISE

This thread has been viewed 11 times

  • 1.  Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted 10 days ago

    Hi all, 

    I have configured 802.1x authentication on Aruba 2530 switches (16.11.0018). However, I have a problem with dynamic authorizations (CoA). The Port Bounce and Disconnect CoAs work, but the reauth CoA does not. I see in the logs of my Radius server (Cisco ISE) the "missing attribute". I can't find any information in the Aruba documentation to help me. 

    Below are the RADIUS attributes I've configured on the Radius server to make a reauth CoA:

    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    The Bounce port works with the following attributes: 

    HP:HP-Port-Bounce-Host = 0
    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    Disconnect works with the following attributes: 

    Radius:Calling-Station-ID = Radius:Calling-Station-ID
    Radius:NAS-IP-Address = Radius:NAS-IP-Address
    Radius:NAS-Port = 0 
    Radius:User-Name = 0

    Thank you for your help.



  • 2.  RE: Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted 10 days ago

    Awesome!  Would you also consider sharing this on the Cisco ISE Community as well?  https://community.cisco.com/t5/network-access-control/bd-p/discussions-network-access-control


    Original Message


  • 3.  RE: Dynamic Authorization attributes for CoA type reauth with Cisco ISE

    Posted 8 days ago

    I will do it when it will work. I have the configuration for CX 6000 too and it works.


    Original Message