Deutschsprachiges Forum

Reply
Occasional Contributor II
Posts: 10
Registered: ‎06-01-2016

Authentication Server not reachable

Hey Guys,

 

we're facing currently some authentication issues.

In our setup we're using 90 IAP 215 Aps in a cluster with 6.4.4.8-4.2.4.4_57496 Version and NPS from Microsoft on a Srv2012 R2.

 

We have a lot of clients which can authenticate successfully but we are getting more and more errors in the log of our controller:

Authentication Server xx with ip 10.xxx.xxx.xxx is down.

 

The Server is fully reachable, I can trace and ping it from the controller but it seems that for a lot of requests it is not working.

We're using EAP-PEAP with ms-chap-v2.

 

Do you have any Idea or a hint in which direction I could check?

Thanks and best regards

Maik

 

 

 

 

Guru Elite
Posts: 20,968
Registered: ‎03-29-2007

Re: Authentication Server not reachable

Do you have Dynamic Radius Proxy (DRP) Enabled?  If not, you would need to enter all of your IAPs as NAS devices in your NPS server, instead of a single ip address if you have DRP enabled:

 

http://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Authentication/Dynamic Proxy RADIUS.htm?Highlight=dynamic radius proxy



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎06-01-2016

Re: Authentication Server not reachable

[ Edited ]

Thanks for your quick answer!

Yes, DRP is enabled and I've added in our radius the complete subnet of our wireless-mgmt Vlan were all of our APs and the Controler is inside.

e.g 10.161.8.0/23

I didn't add the single controler IP.

Best

Maik

Guru Elite
Posts: 20,968
Registered: ‎03-29-2007

Re: Authentication Server not reachable

You need to look at the eventviewer of the radius server to see if there are any clues.  

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎06-01-2016

Re: Authentication Server not reachable

Already did that cant find anything which could cause the issue. But I also think that this is an issue regarding the nps server.

 

Thanks for your help!

Guru Elite
Posts: 20,968
Registered: ‎03-29-2007

Re: Authentication Server not reachable

Do you see successful authentications working?  How long have you had this problem?

 

Are all of your IAPs on the same subnet?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎06-01-2016

Re: Authentication Server not reachable

[ Edited ]

yes, I have during the day around 1.7k clients connected but I can see in the logs that every 1-2 min that message appears. I'am facing that issue for a longer time, at least for the last month. 

What I just recognized, if the load of clients getting less e.g. now I have around 700 clients connected that messaging stops.

 

I was thinking if that are maybe just to much requests for that server, because that is just a small part of the stuff which is connecting to it.

 

In total I have around 480 IAPs 215 were during the day around 8500Clients are connected, But this server is doing dhcp and wired dot1x authentication as well for around 8k user or devices.

 

The load of the server seems to be fine cpu and memory is ususally not above 40-50%.

I#ve group my APs according to buildings but inside one building they are all in the same subnet.

e.g. Building 1: 10.160.8.0/23 Building 2: 10.161.8.0/23 and so on.

The server is running in a cluster with another one but just active/passive for failover

 

Best

Maik

Search Airheads
Showing results for 
Search instead for 
Did you mean: