> You want to make sure that the controllers are sending their IP addresses as > the NAS-IP-Address. This has to be done on each controller. If you don’t do > this, then the master IP address is sent by all the controllers and you get > this error.
That is correct. PacketFence is RFC 3576 compliant and is sending the Disconnect-Request to the NAS IP Address the original request came from. The default behavior of Aruba controller in that kind of setup is that every requests are coming out from the master NAS IP Address. Cheers! dw. -- Derek Wuelfrath [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Sep 20, 2013, at 10:54 AM, Charles Rumford <[email protected]> wrote: > Rich - > > You want to make sure that the controllers are sending their IP addresses as > the NAS-IP-Address. This has to be done on each controller. If you don’t do > this, then the master IP address is sent by all the controllers and you get > this error. > > The command that you want is: > ip radius nas-ip a.b.c.d > > ---- > Charles Rumford > Network Engineer > ISC Network Operations > University of Pennsylvania > (p) 215-746-2808 > (c) 267-398-7939 > > On Sep 20, 2013, at 10:49 AM, Rich Graves <[email protected]> wrote: > >> We recently (two days before freshmen arrived, brilliant) added a second >> Aruba wireless controller (6.2.x), configured master/local. Previously they >> were an active/passive failover pair, but we now have more radios than >> licenses, so we dropped the redundancy. >> >> DeAuth is not working for clients on the second controller. PacketFence >> (3.4.x) is sending DeAuth packets to the aruba-master interface, which >> returns Disconnect-NAK: Session-Context-Not-Found. I observe that accounting >> packets sent by the secondary local controller include the aruba-master >> inferface in the NAS-IP-Address field. Is this how PacketFence knows where >> to send the DeAuth? >> >> I have "solved" the problem by hacking at SNMP.pm's radiusDisconnect() to >> retry the secondary controller's IP address if the primary returns NAK. This >> "works," but surely there's a better way. >> >> Is the Aruba master controller (ArubaOS 6.2.x) supposed to accept and >> forward DeAuth requests for its locals? Currently it's not. Should the local >> be sending its own address in the NAS-IP-Address field? How would I >> configure that? Or should PacketFence consult some mysterious oracle to know >> whether to send DeAuths to the master or the local? >> -- >> Rich Graves http://claimid.com/rcgraves >> Carleton.edu Sr UNIX and Security Admin >> ------------------------------------------------------------------------------ >> LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! >> 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint >> 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack >> includes >> Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. >> http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk_______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. > http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
