Security

Reply
Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

New Local Radius/dot1x

I just brought a new local controller on line.  the master is at a different location and obviously hold the radius server config.  on the gui there is a nas-ip field that has the master's ip address should i just add the local's ip address there?  our NPS server is already configured to receive auth from the local's ip.

 

Thanks,

 

Rafael

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: New Local Radius/dot1x


r.ertel wrote:

I just brought a new local controller on line.  the master is at a different location and obviously hold the radius server config.  on the gui there is a nas-ip field that has the master's ip address should i just add the local's ip address there?  our NPS server is already configured to receive auth from the local's ip.

 

Thanks,

 

Rafael


You should be fine at the local without doing this.  Go to the Diagnostics tab on the local and go to AAA test server.  Do a test authentication from the local and see if it works.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

Re: New Local Radius/dot1x

Yea, it does not work.  Are you thinking it is a server side issue?  So the Master's radius server profile does not need any further config when bringing a new local online?

 

Thanks again,

 

Rafael

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: New Local Radius/dot1x

If you have a timeout look in the radius server's log to see if it is getting traffic from an unknown nas.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

Re: New Local Radius/dot1x

Yup.  Timing out.  I'll have to hit up my systems guy.

 

Rafael

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: New Local Radius/dot1x

In Configuration> Security> Authentication> Advanced, you should be able to set the VLAN that the authentication comes from on the local controller.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

Re: New Local Radius/dot1x

there (on the local)  i see a NAS IP (it is of the master) and a Source address option which is "none" right now.  again i am talking about on the local.  

 

rafael

Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

Re: New Local Radius/dot1x

that config is identical on the Master

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: New Local Radius/dot1x

[ Edited ]

You will only really know when your Radius Server administrator comes back, so you can see the logs.  Anything else would be guessing, unfortunately.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 124
Registered: ‎09-10-2012

Re: New Local Radius/dot1x

I can appreciate that.

 

Thanks,

 

Rafael

Search Airheads
Showing results for 
Search instead for 
Did you mean: