
How to verify the TLS tunnel status between the IAP and RadSec Cloud server on IAP?

Aruba Employee
Q:

How to verify the TLS tunnel status between the IAP and RadSec Cloud server on IAP?



A:

When using a Cloud guest SSID, guest users are authenticated against a RadSec (RADIUS over TLS) server in the cloud. To find the TLS tunnel status between the IAP and the RadSec cloud server, run "show radius status" on the IAP, as shown below. If the status is "INIT" rather than "Connected", there is a communication issue between the IAP and the RadSec cloud server. In that case, ensure the following is allowed on the firewall.

 

  • Ensure TCP/2083 is allowed on the firewall, as that is the default destination port for RADIUS over TLS.
  • Make sure the Server IP is allowed on the firewall as well.

 

ArubaIAP225# sh radius status

Radius server status
--------------------
Name            Server IP       Source IP  Server Name                                    Protocol    Port  Connected sockets  Status          Last connection tried at    Next connection at
----            ---------       ---------  -----------                                    --------    ----  -----------------  ------          ------------------------    ------------------
InternalServer  127.0.0.1       10.3.2.15  Not configured                                 RADIUS/UDP  1616  Not Applicable     Not Applicable  Not Applicable              Not Applicable
AS1_#guest#_    52.74.197.151   10.10.2.5  asw1.cloudguest.central.arubanetworks.com      RADIUS/TLS  2083  1                  CONNECTED       2016-01-16 11:58:18.110751  Not Applicable
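
The check described above can be automated over captured CLI output. The following Python script is an added example, not part of the original article and not Aruba code: it parses "show radius status" output and reports each RADIUS/TLS server whose status is not CONNECTED, together with the firewall rule to verify. The AS2 row in the sample is constructed, and the parser assumes fields are separated by two or more spaces.

```python
import re

# First two server rows are the ones shown in the article; the AS2 row
# (name, addresses, hostname, timestamps) is constructed for illustration.
SAMPLE = """\
ArubaIAP225# sh radius status

Radius server status
--------------------
Name            Server IP      Source IP  Server Name                                Protocol    Port  Connected sockets  Status          Last connection tried at    Next connection at
----            ---------      ---------  -----------                                --------    ----  -----------------  ------          ------------------------    ------------------
InternalServer  127.0.0.1      10.3.2.15  Not configured                             RADIUS/UDP  1616  Not Applicable     Not Applicable  Not Applicable              Not Applicable
AS1_#guest#_    52.74.197.151  10.10.2.5  asw1.cloudguest.central.arubanetworks.com  RADIUS/TLS  2083  1                  CONNECTED       2016-01-16 11:58:18.110751  Not Applicable
AS2_#guest#_    192.0.2.20     10.10.2.5  radsec.example.net                         RADIUS/TLS  2083  0                  INIT            2016-01-16 11:58:20.000000  2016-01-16 11:58:50.000000
"""

def parse_radius_status(text):
    """Return one dict per server row, keyed by the table's column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # The column header sits directly above the multi-column "----  ----" rule;
    # the single unbroken rule under the table title contains no spaces.
    rule = next(i for i, ln in enumerate(lines)
                if set(ln) <= {"-", " "} and " " in ln.strip())
    cols = re.split(r"\s{2,}", lines[rule - 1].strip())
    rows = []
    for ln in lines[rule + 1:]:
        cells = re.split(r"\s{2,}", ln.strip())
        if len(cells) == len(cols):  # ignore prompts or wrapped lines
            rows.append(dict(zip(cols, cells)))
    return rows

def radsec_problems(rows):
    """List RADIUS/TLS servers whose tunnel is down, with the firewall rule to check."""
    findings = []
    for r in rows:
        if r["Protocol"] != "RADIUS/TLS":
            continue  # the internal RADIUS/UDP server has no TLS tunnel
        if r["Status"].upper() != "CONNECTED":
            findings.append(
                f'{r["Name"]}: status {r["Status"]}; check that TCP/{r["Port"]} '
                f'from {r["Source IP"]} to {r["Server IP"]} is allowed on the firewall')
    return findings

if __name__ == "__main__":
    for finding in radsec_problems(parse_radius_status(SAMPLE)):
        print(finding)
```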

Version history
Revision #: 2 of 2
Last update: 08-08-2016 11:51 AM