RFC 3576 is the standard for RADIUS Change of Authorization (CoA). This is when the RADIUS server reached out to the switch/AP/controller to change the access of a client, example do a port-bounce, disconnect a wireless client or change a Role/VLAN for a client. So it's in the other direction. Because the RADIUS servers for authentication in general are the same as the ones doing a CoA, but these may be other servers as well, you would need to configure in the rfc3576 server from which remote servers/ip the switch/AP/controller will accept CoA messages, and you typically need to configure the shared secret for those as well as the RADIUS and CoA shared secret may be different.
In most cases, for CoA to work you would need to configure all your RADIUS servers as well as all of them as RFC 3576 server.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Apr 11, 2023 03:50 AM
From: champ85
Subject: rfc 3576 server - use case
Hi all,
What is the use case for rfc 3576 server ?
Wouldn't that be the same as using clearpass as RADIUS server ?
Thanks