How to configure IPv6 RADIUS server to use FQDN? List the debugging options available.

Aruba Employee

Introduction :

 

ArubaOS supports RADIUS authentication servers over IPv6. You can configure an IPv6 host or specify an FQDN that resolves to an IPv6 address for RADIUS authentication. By default, the RADIUS server is in IPv4 mode. You must enable IPv6 mode on the RADIUS server for the specified FQDN to resolve to an IPv6 address.

 

Feature Notes :

 

Prior to AOS version 6.3.0.0, the Aruba Controller could be configured to talk to the RADIUS/TACACS server using IPv4 addresses only. Starting with AOS version 6.3.0.0, Aruba also supports communication between the controller and the RADIUS server using IPv6 addresses.

 

Environment : This article applies to all Aruba Controllers running OS version 6.3.0.0 or above.

 

Configuration Steps :

 

Through WebUI

 

To configure an IPv6 host for a RADIUS server:

1. Navigate to the Configuration > Security > Authentication > Servers page.

2. Select RADIUS Server to display the RADIUS Server List.

3. Select the required RADIUS server from the list to go to the RADIUS server page.

4. To enable the RADIUS server in IPv6 mode, select the Enable IPv6 check box.

5. To configure an IPv6 host for the selected RADIUS server, specify an IPv6 address or an FQDN in the Host field.

6. Click Apply to apply the configuration.

 


Through CLI

(Aruba7220) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba7220) (config) #aaa authentication-server radius Radiusserver
(Aruba7220) (RADIUS Server "Radiusserver") #enable-ipv6
(Aruba7220) (RADIUS Server "Radiusserver") #host blackbox.aruba.com
(Aruba7220) (RADIUS Server "Radiusserver") #key admin
(Aruba7220) (RADIUS Server "Radiusserver") #end


 

To resolve the FQDN, you must configure the DNS server using the ip name-server <ip4addr> command.
 
(Aruba7220) (config) #ip name-server 10.15.56.150

 

Verification :

 

(Aruba7220) #show aaa authentication-server radius Radiusserver

RADIUS Server "Radiusserver"
----------------------------
Parameter                               Value
---------                               -----
Host                                    blackbox.aruba.com
Key                                     admin
Auth Port                               1812
Acct Port                               1813
Retransmits                             3
Timeout                                 5 sec
NAS ID                                  N/A
NAS IP                                  N/A
Enable IPv6                             Enabled
NAS IPv6                                N/A
Source Interface                        N/A
Use MD5                                 Disabled
Use IP address for calling station ID   Disabled
Mode                                    Enabled
Lowercase MAC addresses                 Disabled
MAC address delimiter                   none
Service-type of FRAMED-USER             Disabled





(Aruba7220) (config) #show ip domain-name

IP domain lookup:       Enabled
IP Host.Domain name:    Aruba7220.

DNS servers
===========
10.15.56.150

(*) Dynamic DNS entry




(Aruba7220) (config) # show aaa fqdn-server-names

Auth Server FQDN names
----------------------
FQDN                IP Address      IPv6 Address    Refcount
----                ----------      ------------    --------
blackbox.aruba.com  10.15.56.150    2012::150       1



(Aruba7220) (config) #show aaa authentication-server all | include Radiusserver
Radiusserver    Radius  blackbox.aruba.com  2012::150      1812      1813      Enabled  0
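
The verification above can be automated. The following Python script is an added example, not part of the original article or Aruba's tooling: it parses captured "show aaa authentication-server radius" and "show aaa fqdn-server-names" output and reports whether the FQDN host has IPv6 enabled and resolved to an IPv6 address. The function names, the four-column row layout, and the treatment of a non-address or "::" IPv6 column as unresolved are assumptions.

```python
import ipaddress
import re

# Output transcribed from this page's Verification section (rows trimmed, spacing normalized).
SHOW_RADIUS = """\
Parameter      Value
---------      -----
Host           blackbox.aruba.com
Enable IPv6    Enabled
"""
SHOW_FQDN = """\
FQDN                IP Address      IPv6 Address    Refcount
----                ----------      ------------    --------
blackbox.aruba.com  10.15.56.150    2012::150       1
"""

def to_ip(text, cls=ipaddress.ip_address):
    try:
        return cls(text)
    except ValueError:
        return None

def parse_params(text):
    """Parameter/Value rows: the two columns are separated by 2+ spaces."""
    pairs = (re.split(r"\s{2,}", ln.strip()) for ln in text.splitlines())
    return {p[0]: p[1] for p in pairs if len(p) == 2 and p[0].strip("-")}

def parse_fqdn_table(text):
    """Map FQDN -> IPv6Address or None. Assumes four whitespace-separated columns."""
    resolved = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[3].isdigit():
            resolved[cols[0]] = to_ip(cols[2], ipaddress.IPv6Address)
    return resolved

def check_radius_ipv6(show_radius, show_fqdn):
    """Return findings; an empty list means the FQDN host is usable over IPv6."""
    params, resolved = parse_params(show_radius), parse_fqdn_table(show_fqdn)
    host, findings = params.get("Host", ""), []
    if params.get("Enable IPv6") != "Enabled":
        findings.append("Enable IPv6 is not Enabled: FQDN will not resolve to IPv6")
    if to_ip(host) is None:  # Host is a name, so it must have resolved to IPv6
        addr = resolved.get(host)
        if addr is None or addr.is_unspecified:  # assumption: unresolved shows "::" or text
            findings.append(f"{host}: no IPv6 address in show aaa fqdn-server-names")
    return findings

if __name__ == "__main__":
    print(check_radius_ipv6(SHOW_RADIUS, SHOW_FQDN) or "OK")
```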

 

 

Troubleshooting :

 

The following logging levels can be enabled on the controller to check RADIUS-related logs:


(Aruba3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba3200) (config) #logging level debugging security process authmgr
(Aruba3200) (config) #logging level debugging security subcat aaa

Version history
Revision #: 1 of 1
Last update: 07-18-2014 06:05 AM