06-18-2020 12:51 AM - edited 06-18-2020 12:52 AM
Hello,
We have a PSN node in our DMZ that acts as a guest portal for our guest SSID.
I've had reports that when users enter their U&P to the portal it won't connect to the internet, i.e. it won't drop the ACL.
I've checked the RADIUS logs and can see the following:
11204 | Received reauthenticate request | |
11220 | Prepared the reauthenticate request | |
11100 | RADIUS-Client about to send request - ( port = 1700 , type = Cisco CoA ) | |
11104 | RADIUS-Client request timeout expired (Step latency=10005 ms) | |
11213 | No response received from Network Access Device after sending a Dynamic Authorization request |
We have UDP port 1700 open on our FW between the WLC and the PSN so I don't think it's being blocked, but is there a WLC command I can use to check?
Or should/can I tweak the timeout period?
Also I'm a little confused if the port needs to be open between the WLC and the PSN or the AP and the PSN?
Unfortunately the site is in a different country so I can't test myself with a device.
We're running ISE 2.6 patch 7.
WLC 8.5.161.0
Thanks
06-18-2020 05:27 AM
06-19-2020 12:28 AM
Hello,
Thanks for the reply Mike.
I'm running FlexConnect. I'm pretty certain my setup is correct and it all works, it's just occasionally for some devices I get the error.
I'm not sure if CoA is just timing out or it's something else.
06-21-2020 03:19 PM