Dynamic Authorization failed - COA centralized web authentication

I configured centralized web authentication with users in Active Directory. The problem is CoA, but it is enabled in the ISE and WLC.

CoA Problem:

 

WLC :

 

(Cisco Controller) >show radius rfc3576 statistics
RFC-3576 Servers:

Server Index..................................... 1
Server Address................................... 192.168.73.210
Disconnect-Requests.............................. 0
COA-Requests..................................... 0
Retransmitted Requests........................... 0
Malformed Requests............................... 0
Bad Authenticator Requests....................... 0
Other Drops...................................... 0
Sent Disconnect-Ack.............................. 0
Sent Disconnect-Nak.............................. 0
Sent CoA-Ack..................................... 0
Sent CoA-Nak..................................... 0
Server Index..................................... 2
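
The counters in the output above can be checked programmatically. This is an added example, not part of the original post and not a Cisco tool: it parses the dot-leader format and classifies each RFC 3576 server. The second server (192.0.2.20), its counters and the finding labels are constructed for illustration, and reading a non-zero Bad Authenticator count as a shared-secret problem is an assumption based on how RADIUS authenticators are computed.

```python
import re
# Constructed sample in the format of `show radius rfc3576 statistics`;
# server 1 mirrors the post, server 2 (192.0.2.20) is invented for the example.
SAMPLE = """\
RFC-3576 Servers:
Server Index..................................... 1
Server Address................................... 192.168.73.210
Disconnect-Requests.............................. 0
COA-Requests..................................... 0
Retransmitted Requests........................... 0
Malformed Requests............................... 0
Bad Authenticator Requests....................... 0
Other Drops...................................... 0
Sent Disconnect-Ack.............................. 0
Sent Disconnect-Nak.............................. 0
Sent CoA-Ack..................................... 0
Sent CoA-Nak..................................... 0
Server Index..................................... 2
Server Address................................... 192.0.2.20
COA-Requests..................................... 4
Bad Authenticator Requests....................... 4
"""
# "<name><two or more dots> <value>"; names contain letters, spaces and hyphens.
LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*?)\.{2,}\s*(?P<val>\S+)\s*$")

def parse_rfc3576_stats(text):
    """Split the output into one dict per 'Server Index' block."""
    servers = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, blank line or anything not in dot-leader form
        key, val = m["key"], m["val"]
        if key == "Server Index":
            servers.append({})  # a new block starts here
        if servers:
            servers[-1][key] = int(val) if val.isdigit() else val
    return servers

def triage(server):
    """Classify one server's counters (labels are this example's, not Cisco's)."""
    if server.get("Disconnect-Requests", 0) + server.get("COA-Requests", 0) == 0:
        return "no-requests-counted"      # the WLC registered nothing from this server
    if server.get("Bad Authenticator Requests", 0):
        return "authenticator-failures"   # assumption: points at the shared secret
    if server.get("Sent CoA-Nak", 0) or server.get("Sent Disconnect-Nak", 0):
        return "requests-rejected"        # received and validated, then refused
    return "ok"
```

For the output posted above, every counter for 192.168.73.210 is zero, so the finding is `no-requests-counted`: the controller has not registered any CoA or Disconnect request from that server.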

5 REPLIES
New Member


I have exactly the same problem. In your logs, do you also have this kind of message:

*radiusCoASupportTransportThread: Apr 17 14:23:38.060: #AAA-3-COA_WRONG_NAS_IP: radiusCoAsupport.c:1023 Received IP address[xx.xx.xx.xx] for CoA Packet.

I have tried a lot of different configurations but nothing works; I have to do a "Session reauthentication" manually in the live sessions page.

Cisco Employee


Check the following discussions:

https://supportforums.cisco.com/discussion/11679106/ise-dynamic-authorization-failed

https://supportforums.cisco.com/discussion/11602806/dynamic-authorization-failed

New Member


Thanks for your help, but I have already seen those.

If gustavoponce has the same problem as I have, manual reauthentication works fine, so I don't think it's a network issue; I'm thinking more of a parameter missing in the WLC and/or ISE.

Thanks everyone! but I could

Thanks everyone, but I could not solve it.

The scenario is as follows:

I configured an SSID, CAMPUS, at a university with centralized web authentication. When an Active Directory user (a student) logs in, they are redirected to VLAN 101, and a guest user to VLAN 102. The authentication is good (ISE log, image above), but I think the Guest flow is not working because the web authentication page appears again after login.

*AD/guest sequence for Guest Portal Authentication.

In the WLC, NAC state: RADIUS NAC, Allow AAA Override, and RFC 3576 is enabled in ISE (reauth) and the WLC. The versions are: ISE 1.2 Patch 7 and WLC 7.4.121.

 

New Member


I'm having this problem as well. Were you able to solve it eventually?
