Hughes Jr, William E
2015-04-28 18:35:30 UTC
First time mailing this list so I am hoping I am doing this correctly.
We have been working with PacketFence on a Aruba for a while and it seems we have hit a complete dead end. The sad part is we are 90% of the way there so I am hoping for a little support to get over this hump.
We have configured PacketFence to work with our Aruba Access Point.
We can connect to the access point at which time PacketFence puts us into the Registration VLAN
Auth: Login OK: [D0:DF:9A:04:29:7B] (from client 10.0.50.120 port 0 cli D0:DF:9A:04:29:7B)
Auth: rlm_perl: Returning vlan 2 to request from d0:df:9a:04:29:7b port 0
The authentication works beautifully
However, it appears the CoA fails
INFO: deauthenticating d0:df:9a:04:29:7b (pf::Switch::Aruba::radiusDisconnect)
INFO: controllerIp is set, we will use controller 10.0.50.120 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
INFO: [10.0.50.120] Returning ACCEPT with role: Faculty (pf::Switch::Aruba::__ANON__)
WARN: Unable to perform RADIUS Disconnect-Request. CoA-NAK received with Error-Cause: Invalid-Request. (pf::Switch::Aruba::radiusDisconnect)
Now I know the VLAN switching is working because if we disconnect the device manually and reconnect it works great
Auth: Login OK: [D0:DF:9A:04:29:7B] (from client 10.0.50.120 port 0 cli D0:DF:9A:04:29:7B)
Auth: rlm_perl: Returning vlan 100 to request from d0:df:9a:04:29:7b port 0
We have been working with PacketFence on a Aruba for a while and it seems we have hit a complete dead end. The sad part is we are 90% of the way there so I am hoping for a little support to get over this hump.
We have configured PacketFence to work with our Aruba Access Point.
We can connect to the access point at which time PacketFence puts us into the Registration VLAN
Auth: Login OK: [D0:DF:9A:04:29:7B] (from client 10.0.50.120 port 0 cli D0:DF:9A:04:29:7B)
Auth: rlm_perl: Returning vlan 2 to request from d0:df:9a:04:29:7b port 0
The authentication works beautifully
However, it appears the CoA fails
INFO: deauthenticating d0:df:9a:04:29:7b (pf::Switch::Aruba::radiusDisconnect)
INFO: controllerIp is set, we will use controller 10.0.50.120 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
INFO: [10.0.50.120] Returning ACCEPT with role: Faculty (pf::Switch::Aruba::__ANON__)
WARN: Unable to perform RADIUS Disconnect-Request. CoA-NAK received with Error-Cause: Invalid-Request. (pf::Switch::Aruba::radiusDisconnect)
Now I know the VLAN switching is working because if we disconnect the device manually and reconnect it works great
Auth: Login OK: [D0:DF:9A:04:29:7B] (from client 10.0.50.120 port 0 cli D0:DF:9A:04:29:7B)
Auth: rlm_perl: Returning vlan 100 to request from d0:df:9a:04:29:7b port 0