cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

11242
Views
0
Helpful
22
Replies
Jeffrey Jones
Contributor

Aruba Wireless Controller and ISE

Ok, so we have the basic part working, but CoA is failing to respond to the request from the ISE server. Any ideas anyone?

Jeff

22 REPLIES 22

Hi jjonessec1969,

any change on this? Can you now disclose the steps to make ISE and Aruba work together? :)

Thank you in advance.

Best Regards,

molnar.erik

aman.diwakar
Beginner

Interesting that CoA is working with Aruba, we were under the impression it was not. Any challenges you want to share with us in getting that integration in place?

Naveen Kumar
Enthusiast

it doesnt have to be inline to get Aruba to work, Aruba's issue is they currently have a bug in CoA so sometimes you will see CoA failures. Working with Aruba technical support on it now.

I was working on an Aruba and ISE deployment. The endpoint needed to be postured, but it never worked properly.

We saw that the endpoint was authenticated against ISE and the radius accept packet was received in the aruba controller. However, the iPEP session was never triggered and the endpoint never got access to the redirecction link. Is there an example of Aruba and iPEP you can share?

Ravi Singh
Rising star

This might help you out.

"Certain  advanced use cases, such as those that involve posture assessment,  profiling, and web authentication, are not consistently available with  non-Cisco devices or may provide limited functionality, and are  therefore not supported with non-Cisco devices. In addition, certain  other advanced functions like central web authentication (CWA), Change  of Authorization (CoA), Security Group Access, and downloadable ACLs,  are only supported on Cisco devices.""

http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html

manjeets
Participant

We only support LWA guest on the Aruba Controller with ISE. The captive portal is hosted on the Aruba controller. 

 

Additionally the AUP on the controller is just a link to the AUP page and there is no check box to select. By logging in you agree to the AUP implicitly. You can read the text of the AUP by clicking the link.

See the following VoD on how we can get preactivated guests to work on an Aruba controller. 

 

http://ecm-link.cisco.com/ecm/view/objectId/090dcae184b05aef/versionLabel/CURRENT

 

Also the ISE-Aruba integration guide is here: http://ecm-link.cisco.com/ecm/view/objectId/090dcae184a2f348/versionLabel/CURRENT

 

Links seem to be broken. Could you verify please?

Content for Community-Ad