Re: [PacketFence-users] Aruba 505 and 515 V8.12

Fri, 25 Jul 2025 05:28:31 -0700 

Not finding anything obvious to change.  On my AP I see:
unable to locate client mac - a4:f9:21:54:65:73 ip - 0.0.0.0 name - 
a4f921546573 <- This is the MAC I am trying to deauth/tes with.

Also it would seem that Packetfence is not sending a CoA (on 5999), but a 
RADIUS disconnect on 3799
            The AP states it is listening on 3799 for rfc3576
            Airgroup RFC3576 is port 5999 -> this is what I used previously 
prior to the AP Firmware Upgrade and on my old Aruba APs.
I reverified I definitiely have Use CoA on.

Jeremy Yoke
IT Manager
TREALITY® Simulation Visual Systems

From: Jeremy Yoke
Sent: Wednesday, July 23, 2025 1:07 PM
To: 'Fabrice Durand' <oeufd...@gmail.com>
Cc: packetfence-users@lists.sourceforge.net
Subject: RE: [PacketFence-users] Aruba 505 and 515 V8.12

Thank you for this.  I will add this to my troubleshooting toolbelt.  I am also 
looking through to see if I can find anything obvious.

The Type: Aruba::Instant_Access


Here is the output:
2025-07-23 13:01:37.863408 (6) IP version invalid 0
2025-07-23 13:02:30.665763 (7) Disconnect-Request Id 84 any:10.1.145.123:39511 
-                                                  > 10.1.145.100:3799 +112.802
        User-Name = "a4f921546573"
        NAS-IP-Address = 10.1.145.100
        Calling-Station-Id = "a4f921546573"
        Authenticator-Field = 0xce8d6bc653b8fe69a01b5abc5b6d7259
2025-07-23 13:02:30.667461 (8) Disconnect-NAK Id 84 any:10.1.145.123:39511 <- 
10                                                  .1.145.100:3799 +112.804 
+0.001
        NAS-IP-Address = 10.1.145.100
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0x7775b9de8503720e2ba881409f717d95
        Error-Cause = Session-Context-Not-Found
        Authenticator-Field = 0x921ce53a386ed8b1ace77619e06ebfe9

Jeremy Yoke
IT Manager
TREALITY® Simulation Visual Systems

From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>>
Sent: Wednesday, July 16, 2025 12:13 PM
To: Jeremy Yoke 
<jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>>
Cc: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Aruba 505 and 515 V8.12

Hello Jeremy,

no problem, it will be my turn soon.

Ok so it's not the port 5999 then.
Try with the ip of the switch instead:
radsniff -i any -f "host 10.1.145.100" -x

And can you confirm what the switch module you are using in PacketFence ?

Regards
Fabrice


Le lun. 14 juil. 2025 à 15:49, Jeremy Yoke 
<jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>> a écrit :
Hello Fabrice,

I apologize for the extremely long delay.  I am often slow to receive the mails 
from the user list.  I also went on holiday 😉

Anyhow.
I SSH into my packetfence server ran the command that you suggested I received:
root@packetfence25:~# radsniff -i any -f "port 5999" -x
Logging all events
Sniffing on (any)

I then did a re-evaluate on my node.
I Received a disconnect-NAK again, but nothing was sniffed or was output in the 
console.

RADIUS Entry:
RADIUS Request
User-Name = 088edcb5bc40 "
NAS-IP-Address = 10.1.145.100 "
Calling-Station-Id = 088edcb5bc40",

RADIUS Reply
NAS-IP-Address = 10.1.145.100 "
Message-Authenticator = ،??
9|߅{?#
?s? "
NAS-Port-Type = Wireless-802.11 "
Code = Disconnect-NAK "
Error-Cause = Session-Context-Not-Found


Jeremy Yoke
IT Manager
TREALITY® Simulation Visual Systems

From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>>
Sent: Thursday, June 26, 2025 4:29 PM
To: Jeremy Yoke 
<jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>>
Cc: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Aruba 505 and 515 V8.12

You don't often get email from oeufd...@gmail.com<mailto:oeufd...@gmail.com>. 
Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
you can do a:
radsniff -i any -f "port 5999" -x

on the server and trigger a CoA and paste the output.



Le jeu. 26 juin 2025 à 15:24, Jeremy Yoke 
<jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>> a écrit :
Hello Fabrice,

Thank you for your response.  Can you explain what you mean by this the 
attributes and values?  How I would get these?

Kind Regards,

Jeremy Yoke
IT Manager
TREALITY® Simulation Visual Systems

From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>>
Sent: Tuesday, June 24, 2025 9:24 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Jeremy Yoke 
<jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>>
Subject: Re: [PacketFence-users] Aruba 505 and 515 V8.12

You don't often get email from oeufd...@gmail.com<mailto:oeufd...@gmail.com>. 
Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
Hello Jeremy,

Do you have the attributes and values sent in the CoA request ?

Regards
Fabrice


Le mar. 24 juin 2025 à 17:44, Jeremy Yoke via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :
Hello Community,

Looking for some assistance with Aruba IAP group.  Initially I had everything 
working ok.  Due to some issues with the APs themselves I had to update the 
firmware to 8.12.05_92330 SSR
Since then I am receiving Disconnect-NAK from the APs when a COA is issued.

These are Aruba instants mostly model 505 and a couple 515
The 515 is the preferred master.

The template I am using is Aruba Instant Access, also tried the Aruba Instant 
with seemingly no change.
I am doing Role Mapping by VLAN ID
Use COA
Use Connector For Deauth
I also tried forcing the COA port to 5999

All was working prior to firmware update currently the only difference is 
making the port 5999.
Authorizations and VLAN assignment is still functioning.

Here is the RADIUS log with a Disconnect-NAK

RADIUS Reply
NAS-IP-Address = 10.1.145.100 "
Message-Authenticator = DD JJlB(??/0?`?e "
NAS-Port-Type = Wireless-802.11 "
Code = Disconnect-NAK "
Error-Cause = Session-Context-Not-Found

Does anyone have some ideas on how to resolve this?

Jeremy Yoke
IT Manager
TREALITY® Simulation Visual Systems
600 Bellbrook Ave.
Xenia, Ohio 45385
Cell: +1 (937) 901 5684
jeremy.y...@trealitysvs.com<mailto:jeremy.y...@trealitysvs.com>
www.TREALITYSVS.com<http://www.trealitysvs.com/>

________________________________
Confidentiality Notice:

This e-mail message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain confidential or proprietary information. 
Any unauthorized review, use, disclosure, or distribution is prohibited. If you 
are not the intended recipient, immediately contact the sender by reply e-mail 
and destroy all copies of the original message.

TREALITY SVS, LLC.<http://www.trealitysvs.com/>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to