Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

New Local Radius/dot1x

  • 1.  New Local Radius/dot1x

    Posted Jan 21, 2013 05:10 PM

    I just brought a new local controller online. The master is at a different location and obviously holds the RADIUS server config. On the GUI there is a NAS-IP field that has the master's IP address. Should I just add the local's IP address there? Our NPS server is already configured to receive auth from the local's IP.

     

    Thanks,

     

    Rafael



  • 2.  RE: New Local Radius/dot1x

    EMPLOYEE
    Posted Jan 21, 2013 05:34 PM

    @r.ertel wrote:

    I just brought a new local controller online. The master is at a different location and obviously holds the RADIUS server config. On the GUI there is a NAS-IP field that has the master's IP address. Should I just add the local's IP address there? Our NPS server is already configured to receive auth from the local's IP.

     

    Thanks,

     

    Rafael


    You should be fine at the local without doing this.  Go to the Diagnostics tab on the local and go to AAA test server.  Do a test authentication from the local and see if it works.

     



  • 3.  RE: New Local Radius/dot1x

    Posted Jan 21, 2013 05:38 PM

    Yeah, it does not work. Are you thinking it is a server-side issue? So the master's RADIUS server profile does not need any further config when bringing a new local online?

     

    Thanks again,

     

    Rafael



  • 4.  RE: New Local Radius/dot1x

    EMPLOYEE
    Posted Jan 21, 2013 05:40 PM

    If you have a timeout, look in the RADIUS server's log to see if it is getting traffic from an unknown NAS.

     



  • 5.  RE: New Local Radius/dot1x

    Posted Jan 21, 2013 05:53 PM

    Yup.  Timing out.  I'll have to hit up my systems guy.

     

    Rafael



  • 6.  RE: New Local Radius/dot1x

    EMPLOYEE
    Posted Jan 21, 2013 05:58 PM

    In Configuration > Security > Authentication > Advanced, you should be able to set the VLAN that the authentication comes from on the local controller.

     



  • 7.  RE: New Local Radius/dot1x

    Posted Jan 21, 2013 06:35 PM

    There (on the local) I see a NAS IP (it is that of the master) and a Source address option which is "none" right now. Again, I am talking about on the local.

     

    rafael



  • 8.  RE: New Local Radius/dot1x

    Posted Jan 21, 2013 06:42 PM

    That config is identical on the master.



  • 9.  RE: New Local Radius/dot1x

    EMPLOYEE
    Posted Jan 21, 2013 06:44 PM

    You will only really know when your RADIUS server administrator comes back, so you can see the logs. Anything else would be guessing, unfortunately.

     



  • 10.  RE: New Local Radius/dot1x

    Posted Jan 21, 2013 06:51 PM

    I can appreciate that.

     

    Thanks,

     

    Rafael



  • 11.  RE: New Local Radius/dot1x

    Posted Jan 22, 2013 01:06 PM

    Update: my error has changed from a timeout to auth failed. I think we are close.

     

    Rafael



  • 12.  RE: New Local Radius/dot1x

    Posted Jan 22, 2013 01:42 PM

    Got it working!  Thanks.

     

    rafael



  • 13.  RE: New Local Radius/dot1x
    Best Answer

    Posted Jan 30, 2013 02:21 PM

    I was trying to hit a RADIUS server that had not yet been configured correctly.