IMPORTANT! Our RADIUS servers have changed. As of 15th October you will experience authentication problems if you've not re-configured.
Please click HERE for further details.

Aruba Instant (IAP) CoA / Disconnect

This guide details how to to enable support for CoA / Disconnect Message on your Aruba IAP deployment. This is required in order to use the Tiered Bandwidth data cap and/or E-mail verification kick off feature.

In order for CoA / Disconnect to be enabled, you need to activate the Dynamic RADIUS Proxy feature. This effectively proxies all RADIUS traffic through your current master IAP (virtual controller), rather than being sent by each individual AP.
When Dynamic RADIUS proxy is enabled, ensure that a static Virtual Controller IP is configured.


If you are using Aruba Central:


Start by logging into your Aruba Central dashboard.

Step 1 - Radius

Browse to Wireless Management > System. Set the following:

Dynamic RADIUS Proxy
Enabled

Click Save Settings.




OR if you are managing your Aruba IAP locally:


Start by logging into your master IAP (virtual controller).

Step 1 - Radius

Click System at the top. Set the following:

Virtual Controller IP
(ensure this is set, and a static IP on your network)
Dynamic RADIUS proxy
Enabled

Click OK to save.




The following is applicable regardless of using Aruba Central or local management:


Step 2 - Firewall

IMPORTANT: CoA works by accepting inbound traffic from our RADIUS. We will send this request back to the same WAN IP of which your master IAP (virtual controller) uses for outbound traffic to our RADIUS. Therefore, you will need to forward port 3799 (UDP) on your firewall from this WAN IP to the virtual controller IP on your local network.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.