Configuring Policy Manager as an RFC 3576 (CoA) Server

You can configure the Policy Manager RADIUS server to send user disconnect, change of authorization (CoA), and session-timeout messages as described in RFC 3576, “Dynamic Authorization Extensions to Remote Dial In User Service (RADIUS).” The disconnect, session timeout, and change of authorization messages sent from the server to the mobility controller or gateway contain information to identify the user for whom the message is sent.

A mobility controller or gateway supports the following attributes for identifying the users who authenticate with an RFC 3576 server:

user-name: name of the user to be authenticated

framed-ip-address: user IPv4 address

framed-ipv6-address: user IPv6 address

calling-station-id: phone number of a station that originated a call

accounting-session-id: unique accounting ID for the user session.

If the authentication server sends both supported and unsupported attributes to the mobility controller or gateway, the unknown or unsupported attributes are ignored. If no matching user is found, the mobility controller or gateway sends a 503: Session Not Found error message back to the RFC 3576 server.

Configuring the Policy Manager Server as a CoA Server

The procedure to configure the Policy Manager server as a CoA server varies, depending upon the version of ArubaOS running on your mobility controller or gateway:

 

Before you configure any server as a CoA server, RADIUS CoA must be enabled on the device (for details, see Adding a Mobility Controller or Gateway to Policy Manager).

To enable communication between the mobility controller or gateway and the Policy Manager server, the values for the RADIUS key configured on the Mobility Master or controller and the RADIUS shared secret configured on the Policy Manager server must be identical.
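The following Python model is an added example, not code from Policy Manager or ArubaOS. It shows why the key and shared secret must match and how a device handles the identification attributes and the 503 case. The function names, the sample session, and the treatment of a bad authenticator as a silent drop are assumptions; attribute and code numbers come from the RADIUS RFCs.

```python
import hashlib, hmac, socket, struct

# Codes and attribute types from the RADIUS RFCs (2865, 2866, 3576, 6911).
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
USER_NAME, FRAMED_IP, CALLING_STATION_ID, ACCT_SESSION_ID, FRAMED_IPV6 = 1, 8, 31, 44, 168
SESSION_NOT_FOUND = 503  # Error-Cause value returned when no user matches
SUPPORTED = {USER_NAME, FRAMED_IP, CALLING_STATION_ID, ACCT_SESSION_ID, FRAMED_IPV6}

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def authenticator(header, body, secret):
    # RFC 3576: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + body + secret).digest()

def build_request(code, ident, attrs, secret):
    """Server side: serialize a Disconnect-Request or CoA-Request."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + authenticator(header, body, secret) + body

def parse_attrs(body):
    """Split the attribute section into {type: value}, rejecting bad lengths."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def handle(packet, secret, sessions):
    """Device side: None = dropped, else (reply code, Error-Cause or None)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return None
    if not hmac.compare_digest(authenticator(packet[:4], packet[20:], secret), packet[4:20]):
        return None  # key and shared secret differ: request is not trusted
    # Unknown or unsupported attributes are ignored; only supported ones identify the user.
    ids = {t: v for t, v in parse_attrs(packet[20:]).items() if t in SUPPORTED}
    if ids and any(all(s.get(t) == v for t, v in ids.items()) for s in sessions):
        return (DISCONNECT_ACK, None)
    return (DISCONNECT_NAK, SESSION_NOT_FOUND)

# Constructed sample data: one active session and one request for it.
SESSIONS = [{USER_NAME: b"alice", FRAMED_IP: socket.inet_aton("10.1.1.20")}]
REQUEST = build_request(DISCONNECT_REQUEST, 7, [
    attr(USER_NAME, b"alice"), attr(FRAMED_IP, socket.inet_aton("10.1.1.20")),
    attr(18, b"bye"),  # Reply-Message, treated as unsupported here and ignored
], b"example-secret")
```

With the matching secret the constructed request is acknowledged; with any other key the authenticator check fails before the attributes are even parsed.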

ArubaOS 8.x

For ArubaOS 8.x deployments:

1. In the Mobility Master node hierarchy, navigate to the Configuration > Authentication > Auth Servers tab.

2. To define a new RFC 3576 RADIUS server, click + under All Servers.

3. Select the Type as Dynamic Authorization from the drop-down list.

4. In IP address version, select either the IPv4 or IPv6 radio button based on your preference.

5. In IP address, enter the IPv4 or IPv6 address of the Policy Manager server.

6. Click Submit.

7. From the All Servers list, select the server that you created to configure the server parameters.

8. Under Server Options, enter the server authentication key into the Key and Retype key fields.

9. Click Submit. For complete information on configuring Policy Manager as a CoA server in an ArubaOS 8.x deployment, refer to the Home > Authentication Servers > Configuring Servers > Configuring an RFC-3576 RADIUS Server sections of the ArubaOS 8.x User Guides.

ArubaOS 6.x

For ArubaOS 6.x deployments, access the mobility controller command-line interface and issue the aaa rfc-3576-server command.

aaa rfc-3576-server <ipaddr>
    clone <source>
    key <psk>

where

Parameter: Description

<ipaddr>: IP address of the Policy Manager server.

clone <source>: Name of an existing RFC 3576 server configuration from which parameter values are copied.

key <psk>: Shared secret to authenticate communication between the RADIUS client and server.

For complete information on configuring Policy Manager as a CoA server in an ArubaOS 6.x deployment, refer to the aaa rfc-3576-server sections of the ArubaOS 6.5.x User Guides.