Tuesday
Hey team
I am running Forescout as a NAC, and when a client gets access to the network via Dot1x and Forescout sends a CoA message, I see the switch accept it, but it's not kicking out the client until I remove the cable and put it back in.
Sometimes multiple times until it enters the correct client VLAN.
I am using freeradius.internal
attribute "Send-CoA-Type"
Session-Reauthenticate
and also tested Reauthenticate.
Has anyone managed to solve this?
Wednesday
What does your configuration on the switch look like?
Looking at my own NAC config, it's using the standard CoA delimited RADIUS responses, so I don't see much of an issue there; it should be comparable to what you are sending.
yesterday
# EAP CONFIGURATION
#
eapol auto-isid-offset 9900000
eapol auto-isid-offset enable
eapol enable
interface GigabitEthernet 1/3
default-vlan-id 32
name "dot1x"
no shutdown
slpp-guard enable
spanning-tree bpduguard enable
spanning-tree mstp edge-port true
no spanning-tree mstp force-port-state enable
eapol guest-vlan 32
eapol fail-open-vlan 32
eapol guest-isid 1000032
eapol fail-open-isid 1000032
eapol radius-dynamic-server enable
eapol status auto
eapol multihost radius-non-eap-enable
eapol re-authentication-period 28800
eapol re-authentication enable
eapol traffic-control in
# RADIUS CONFIGURATION
#
radius server host 192.168.22.21 key ****** priority 1 retry 2 timeout 3
no radius server host 192.168.22.21 used-by cli acct-enable
radius server host 192.168.24.21 key ****** priority 2 retry 2 timeout 3
no radius server host 192.168.24.21 used-by cli acct-enable
radius server host 192.168.22.20 key ****** used-by eapol priority 1 retry 2 timeout 3
radius server host 192.168.24.20 key ****** used-by eapol priority 2 retry 2 timeout 3
radius server host 192.168.22.21 key ****** used-by web priority 1 retry 2 timeout 3
no radius server host 192.168.22.21 used-by web acct-enable
radius server host 192.168.24.21 key ****** used-by web priority 2 retry 2 timeout 3
no radius server host 192.168.24.21 used-by web acct-enable
radius enable
radius accounting enable
radius maxserver 6
radius reachability keep-alive-timer 30 unreachable-timer 30
radius reachability mode status-server
radius dynamic-server client 192.168.22.20 secret ****** enable
radius dynamic-server client 192.168.24.20 secret ****** enable