Aruba Instant & Cloud Wi-Fi

Reply
MAB
Occasional Contributor I
Posts: 8
Registered: ‎07-30-2012

CP - ICMP Dest Unreachable on Port 1812 0 IAP RADIUS Request

Hi, I'm new to IAP but not new to RADIUS or controller based access.  I'm setting up my IAP for the first time, I'm seeing ICMP dest unreachable for IAP(v6.2.0.0-3.2.0.2_37229) requests on UDP/1812 coming back from CP (v5.2.0.43003).  I have 15 controllers connecting to the same CP servers with no issues.  I've sniffed in front of the IAP and have run a dump on CP.  Both show the original radius request and a corresponding ICMP dest unreachable.

 

Strange since in the CP dump there are RADIUS requests before and after the IAP requests on 1812 that are serviced normally.  I've confirmed that I've created the NAS device correctly in CP.  If the NAS was set up incorrectly I would see a bad/unknown NAS entry in CP Access Tracker.  These requests are not making that high up the OSI stack even.

 

Has anyone seen behaviour like this before?  Suggestions welcome.

 

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: CP - ICMP Dest Unreachable on Port 1812 0 IAP RADIUS Request

Did you setup dynamic radius proxy on IAP?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MAB
Occasional Contributor I
Posts: 8
Registered: ‎07-30-2012

Re: CP - ICMP Dest Unreachable on Port 1812 0 IAP RADIUS Request

I do indeed...also configured the virtual controller address in IAP, which is set up as a NAS device in CP.

 

Thanks

MAB
Occasional Contributor I
Posts: 8
Registered: ‎07-30-2012

Re: CP - ICMP Dest Unreachable on Port 1812 0 IAP RADIUS Request

I figured out what the problem is (between the chair and keyboard).

 

I was pointing IAP at the management interface of my CP server instead of the data interface. 

 

Thanks!

Search Airheads
Showing results for 
Search instead for 
Did you mean: