Stellar OVC RADIUS CoA not working -> CoA-NAK with reason "Session-Context-Not-Found"

Topic

Dear Spacewalkers,

We are using Stellar with OV Cirrus and a local Clearpass as Radius-Server to authenticate clients via 802.1x (EAP-TLS).

Authentication works fine and dynamic role-assignment via Filter-ID attribute in the Radius-Response is functioning.

Unfortunately, we need to use CoA to change role-assignment past initial authentication. This is not working. Clearpass is sending the CoA packet to the Stellar AP with the new role inside the Filter-ID attribute as well as the client MAC address in the Calling-Station-ID attribute.

The Stellar AP is always blocking the CoA-Request with a CoA-NAK. We captured that with Wireshark. The reason is “Session-Context-Not-Found”.

We also tried to add more attributes to help with session-context like Account-Session-ID or username. But nothing worked yet.

Has anyone experienced similiar behaviour and may have a solution to this?

Thanks!

 

PS: I’ve attached screenshots of the CoA-NAK packet.

Attachments:
Date
24.05.2023
answers
2
views
0
Author
Asked by pdi

Answers

Please try to use COA to terminate rather changing the role and see it helps.

Date
30.05.2023
Author
Asked by thanjavuru
Add Comment
Vote

This is the actual CoA-Profile configured in CPPM which is sent back to the Stellar AP. (Usually works with any vendor like Aruba, Cisco, OmniSwitch)

Attachments:
Date
24.05.2023
Author
Asked by pdi
Add Comment
Vote