cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2219
Views
4
Helpful
7
Replies

802.1x COA reauthenticate - Aruba Switch

vivarock12
Level 1
Level 1

Hello,

I have a problem with an Aruba Switch im using ise to do DACL on the aruba switch and its working but when a want to change the ACL i need to do a COA reauthenticate on the end user for him to change the ACL but for some reason i just wont work.

definicion_reathunticate.PNG

 this is the configuration i did for the reauthentication on a special profile for the aruba switches, the NAS-FILTER-RULE is the VSA92 the one im using to send the ACL to the user.

error_COA_manual_reauthenticate.PNG

error_COA_manual_reauthenticate2.PNG

error_COA_manual_reauthenticate3_tapado.png

this is the error im getting and idea on what can i do to overcome this?

1 Accepted Solution

Accepted Solutions

vivarock12
Level 1
Level 1

the problem was

radius-server host 192.100.1.95 clearpass

i remove the parameter and everything works

View solution in original post

7 Replies 7

dACL?  I don' think Aruba Switches support dACLs.  You can call a local User Role that then maps to a local ACL or pass a local ACL name as the filter-id attribute.  Keep in mind the CoA port for Aruba devices is 3799.

Also is CoA enabled on the Aruba Switch?  Is this an AOS-CX switch? 

radius dyn-authorization client [name] secret-key plaintext aruba123
radius dyn-authorization enable

Hello,

yes they do support them using VSA 92 and is working but what i want to do is change the Assing DACL that the user is using but every time i get that error, heres the configuration on theARUBA switch.

radius-server host 192.100.1.95 key "Hola.123"
radius-server host 192.100.1.95 dyn-authorization
radius-server host 192.100.1.95 clearpass
radius-server access-request include framed-ip-address

!

is this the same as the config you share???

radius dyn-authorization client [name] secret-key plaintext aruba123
radius dyn-authorization enable

!
!

thanks for the help by ther way

No it looks like you have the RADIUS server defined but you do not have CoA enabled for that same RADIUS server. You need to add those two lines I copied previously and ensure ISE is configured to use port 3799 for CoA for this Aruba switch.

this is an AOS-S does this are the same command?

hslai
Cisco Employee
Cisco Employee

@vivarock12  The failure said no response from the NAD. Most likely the CoA port mismatched between ISE and the NAD.

this commands said that the COA request is geeting to the Switch but the switch does no response

vivarock12_0-1678679566338.png

Is there a special config to be done on the Client pc im using windows 802.1x client?

 

vivarock12
Level 1
Level 1

the problem was

radius-server host 192.100.1.95 clearpass

i remove the parameter and everything works