https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791683#M580379 <P>dACL?&nbsp; I don' think Aruba Switches support dACLs.&nbsp; You can call a local User Role that then maps to a local ACL or pass a local ACL name as the filter-id attribute.&nbsp; Keep in mind the CoA port for Aruba devices is 3799.</P> <P>Also is CoA enabled on the Aruba Switch?&nbsp; Is this an AOS-CX switch?&nbsp;</P> <P>radius dyn-authorization client [name] secret-key plaintext aruba123<BR />radius dyn-authorization enable</P> Fri, 10 Mar 2023 21:47:45 GMT ahollifield 2023-03-10T21:47:45Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791519#M580376 <P>Hello,</P> <P>I have a problem with an Aruba Switch im using ise to do DACL on the aruba switch and its working but when a want to change the ACL i need to do a COA reauthenticate on the end user for him to change the ACL but for some reason i just wont work.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="definicion_reathunticate.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/178632iC6673CF1108EEF33/image-size/medium?v=v2&amp;px=400" role="button" title="definicion_reathunticate.PNG" alt="definicion_reathunticate.PNG" /></span></P> <P> this is the configuration i did for the reauthentication on a special profile for the aruba switches, the NAS-FILTER-RULE is the VSA92 the one im using to send the ACL to the user.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error_COA_manual_reauthenticate.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/178633iC00C96D936799055/image-size/medium?v=v2&amp;px=400" role="button" title="error_COA_manual_reauthenticate.PNG" alt="error_COA_manual_reauthenticate.PNG" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error_COA_manual_reauthenticate2.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/178634i40BA0A8ED948D577/image-size/medium?v=v2&amp;px=400" role="button" title="error_COA_manual_reauthenticate2.PNG" alt="error_COA_manual_reauthenticate2.PNG" /></span></P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error_COA_manual_reauthenticate3_tapado.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/178635i34768F5B2D17C792/image-size/medium?v=v2&amp;px=400" role="button" title="error_COA_manual_reauthenticate3_tapado.png" alt="error_COA_manual_reauthenticate3_tapado.png" /></span></P> <P>this is the error im getting and idea on what can i do to overcome this?</P> <P> </P> Fri, 10 Mar 2023 15:17:34 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791519#M580376 vivarock12 2023-03-10T15:17:34Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791683#M580379 <P>dACL?&nbsp; I don' think Aruba Switches support dACLs.&nbsp; You can call a local User Role that then maps to a local ACL or pass a local ACL name as the filter-id attribute.&nbsp; Keep in mind the CoA port for Aruba devices is 3799.</P> <P>Also is CoA enabled on the Aruba Switch?&nbsp; Is this an AOS-CX switch?&nbsp;</P> <P>radius dyn-authorization client [name] secret-key plaintext aruba123<BR />radius dyn-authorization enable</P> Fri, 10 Mar 2023 21:47:45 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791683#M580379 ahollifield 2023-03-10T21:47:45Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791758#M580389 <P>Hello,</P> <P>yes they do support them using VSA 92 and is working but what i want to do is change the Assing DACL that the user is using but every time i get that error, heres the configuration on theARUBA switch.</P> <P>radius-server host 192.100.1.95 key "Hola.123"<BR />radius-server host 192.100.1.95 dyn-authorization<BR />radius-server host 192.100.1.95 clearpass<BR />radius-server access-request include framed-ip-address</P> <P>!</P> <P>is this the same as the config you share???</P> <P>radius dyn-authorization client [name] secret-key plaintext aruba123<BR />radius dyn-authorization enable</P> <P>!<BR />!</P> <P>thanks for the help by ther way</P> Sat, 11 Mar 2023 04:53:24 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4791758#M580389 vivarock12 2023-03-11T04:53:24Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792047#M580400 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/340529">@vivarock12</a>&nbsp; The failure said no response from the NAD. Most likely the CoA port mismatched between ISE and the NAD. </P> Sun, 12 Mar 2023 06:59:20 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792047#M580400 hslai 2023-03-12T06:59:20Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792251#M580421 <P>this commands said that the COA request is geeting to the Switch but the switch does no response</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="vivarock12_0-1678679566338.png" style="width: 947px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/178775iB57EA9B51FB21222/image-dimensions/947x542?v=v2" width="947" height="542" role="button" title="vivarock12_0-1678679566338.png" alt="vivarock12_0-1678679566338.png" /></span></P> <P>Is there a special config to be done on the Client pc im using windows 802.1x client?</P> <P>&nbsp;</P> Mon, 13 Mar 2023 03:53:12 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792251#M580421 vivarock12 2023-03-13T03:53:12Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792960#M580442 No it looks like you have the RADIUS server defined but you do not have CoA enabled for that same RADIUS server. You need to add those two lines I copied previously and ensure ISE is configured to use port 3799 for CoA for this Aruba switch.<BR /> Mon, 13 Mar 2023 17:08:12 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4792960#M580442 ahollifield 2023-03-13T17:08:12Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4795787#M580544 <P>this is an AOS-S does this are the same command?</P> Thu, 16 Mar 2023 16:03:15 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4795787#M580544 vivarock12 2023-03-16T16:03:15Z https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4822423#M581394 <P>the problem was</P> <P>radius-server host 192.100.1.95 clearpass</P> <P>i remove the parameter and everything works</P> Wed, 26 Apr 2023 17:46:29 GMT https://community.cisco.com/t5/network-access-control/802-1x-coa-reauthenticate-aruba-switch/m-p/4822423#M581394 vivarock12 2023-04-26T17:46:29Z