08-02-2012 12:44 AM
Hi,
I'm trying to get CoA working on a 7206, and although it seems a fairly staright forward setup, I just can't make it work. Here are the following details that I have.
I'm using CoA Client (version 2.6) to do the testing. From the 7206 I get the following output from the debug.
Aug 2 15:16:46: ++++++ CoA Attribute List ++++++
Aug 2 15:16:46: 57259958 0 00000001 addr(7) 4 x.x.x.x (client session)
Aug 2 15:16:46:
Aug 2 15:16:46: COA: No matching entry found
Aug 2 15:16:46: COA: Added Reply Message: No Matching Session
Aug 2 15:16:46: COA: Added NACK Error Cause: Session Context Not Found
Aug 2 15:16:46: COA: Sending NAK from port 1700 to x.x.x.x/1700 (from server sending CoA request)
Aug 2 15:16:46: RADIUS: 18 21 4E6F204D61746368696E672053657373696F6E
Aug 2 15:16:46: RADIUS: 101 6 000001F7
and here's what I'm sending from the server sending the CoA requests: - when I use the same tool and try and disconnect the same session it works...
coa_w32.exe -n <coa server IP> -p 1700 -s 1700 -k secret123 -1 8,IP<client's IP>
IOS: 12.4(24)T7 advanced services
CoA config:
aaa server radius dynamic-author
client x.x.x.x server-key xxxxxxxx
server-key xxxxxxx
auth-type any
AAA config:
aaa new-model
!
!
aaa authentication username-prompt "Username: login: "
aaa authentication login go-radius group radius local
aaa authentication login console-logins line
aaa authentication ppp default none
aaa authentication ppp go-radius if-needed group radius
aaa authorization network default group radius none
aaa authorization network go-radius group radius
aaa authorization network permit none
aaa accounting delay-start
aaa accounting nested
aaa accounting update periodic 10
aaa accounting network default
action-type start-stop
group radius
aaa session-id common
RADIUS config:
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server dead-criteria tries 20
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server source-ports extended
radius-server timeout 30
radius-server deadtime 10
radius-server key x.x.x.x
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
Any help would be appreciated.
Luke
08-02-2012 09:20 PM
I suspect my problem is that the IOS version I have doesn't support the feature - it will do PoD, but not CoA. I'm going to need to move to an ISG IOS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide