Monitoring, Management & Location Tracking

Airwave management authentication failing using generic radius server
Problem:

Airwave is using a generic Radius server for Authentication.

On the Radius server, we could see the radius access requests being received and they are accepts in the radius logs. However, the user is not able to login to Airwave GUI, Authentication just fails.



Diagnostics:

when we execute the below command on the server:

show security flow session source-prefix 172.24.28.253 destination-prefix 10.1.4.141 node0:
--------------------------------------------------------------------------
 
Flow Sessions on FPC7 PIC0:
 
Session ID: 140040921, Policy name: default-permit/399, State: Active, Timeout: 58, Valid
  In: 172.24.28.253/57779 --> 10.1.4.141/1812;udp, If: reth4.0, Pkts: 1, Bytes: 90
  Out: 10.1.4.141/1812 --> 172.24.28.253/57779;udp, If: reth3.5, Pkts: 0, Bytes: 0
Total sessions: 1

We could see the 90 Bytes have been sent out to radius server, but we see 0 coming back.

If we do a packet capture (TCP Dump from the Airwave CLI)

[root@axbfamp3 mercury]# tcpdump dst 10.1.4.141 or src 10.1.4.141 or dst 10.1.7.96 or src 10.1.7.96
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:32:58.710003 IP axbfamp3.xxxxxbf.local.36705 > axinnps1.central.xxxxxx.grp.radius: RADIUS, Access Request (1), id: 0xac length: 62
11:33:13.771139 IP axbfamp3.xxxxxbf.local.44407 > axinnps2.central.xxxxxx.grp.radius: RADIUS, Access Request (1), id: 0xad length: 62

We could see the Access requests being sent. However, we do not see any response.

If we notice the warning in the above packet capture , it looks like there is no eth0 configured on this server and by default, Airwave uses eth0 for any data to receive. So, tried to look at the ifconfig output of the server:

[root@axbfamp3 mercury]# ifconfig
bond0     Link encap:Ethernet  HWaddr 90:B1:1C:4F:1A:2D
          inet addr:172.24.28.251  Bcast:172.24.28.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:69399 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36623 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:22621239 (21.5 MiB)  TX bytes:8259999 (7.8 MiB)

eth0      Link encap:Ethernet  HWaddr 90:B1:1C:4F:1A:2D
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:52093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36623 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21513655 (20.5 MiB)  TX bytes:8259999 (7.8 MiB)
          Interrupt:35

eth2      Link encap:Ethernet  HWaddr 90:B1:1C:4F:1A:2D
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:17306 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1107584 (1.0 MiB)  TX bytes:0 (0.0 b)
          Interrupt:34

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:55664 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55664 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:60244553 (57.4 MiB)  TX bytes:60244553 (57.4 MiB)

 

So, looking at the output, we can understand that there is Ethernet bonding configured. Therefore bond0 has the ip addressing. Since, Airwave assumes that Eth0 will receive the packets and dropping everything else. We could make the configuration change on Airwave to make Bond0 as AMP facing interface, instead of Eth0.

 



Solution

We could do the following to make this change:

# dbc "update seas_config set ap_facing_amp_interface = 'bond0';"

Now the server would get a proper response as the NAS IP would be bond0 IP and the Authentication would be a success.

Version History
Revision #:
2 of 3
Last update:
‎06-28-2016 12:08 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.