ArubaOS and Controllers

Reply
Regular Contributor II

IAS RADIUS issue - all connects come from master IP

I'm still in a small pilot test of these equipment. Currently have 3 locals (620) deployed, but in my RADIUS server (2003 IAS), all requests are coming from the IP of the master controller, and not from the LMS.

From a configuration standpoint, this would be great - save me from creating 200 new entries in IAS, but does nothing for me as far as being able to track my authentication requests and usage.

From the LMS:

(Aruba620) # show ip radius nas-ip

RADIUS client NAS IP address = 192.168.2.32


Problem is, I don't remember ever putting that in the config. Is it safe to just remove it with a simple "no ip radius nas-ip" command?

^^^ No, it isn't. I used that command and the IP of the master is still there.

How can I get the authentications to use the IP of the LMS?

PS: I also tried turning off the master controller and authenticating from the LMS - requests still showed up in IAS as coming from the master's IP.

:confused:
Guru Elite

Requests from

All the requests should come from the switch ip of the controller that the AP is on, period. If the AP is on the master, that is where it will come from. if it is on a local controller, the request should come from there. Go to Diagnostics, then AAA Test server on a local controller and select your radius server. See if you can do a successful test and then see where the IAS server says it is coming from.

The nas-ip address is just a variable that is passed to the radius server, and nothing more.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: IAS RADIUS issue - all connects come from master IP

Matt,

Do the command "show ip radius source-interface". Is it set to 192.168.2.32?
Regular Contributor II

Re: IAS RADIUS issue - all connects come from master IP

Thanks for the replies.

This looks to be "fixed."

Looks like maybe somebody changed the reporting (or maybe it was never set up properly to begin with?).

We use IAS Log Viewer to analyze the logs, and it's always just reported the "Server IP" as the IP of our current wireless access points (Cisco).

For the Aruba local controllers it was reporting back the IP of the master. After looking more carefully at the individual connects, there is also a "Client IP" column that wasn't in the main log view. The client IP is showing the correct IP of the local controllers - just needed to add that column to the main reporting screen.

DOH! Learn something new every day!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: