Security

Reply
Occasional Contributor II
Posts: 13
Registered: ‎05-22-2015

Radius auth timeout from client but not for controller

Hi all,

    i'm facing with a new deployment with IAP-103, a couple of 7210 Controller and a Radius server based on a Win2k8.

Testing the radius authentication with my client I cannot the the request in the server log and the Controller return to me logs with timeout messages.

If I make the "AAA test server" from the controller everything works fine.

To make another test I connected a single IAP205 in autonomous mode and I configured it to call directly the radius server but the situation is the same: the client fall in timeout but the test made in SSH on AP works.

The attempts from the client aren't showed in the Radius server logs, the attempts from the controller/ap yes.

Just another test: I configured a switch to call the Radius server for the admin management, the user doesn't have the right attributes, but the request are correctly showed on the server log.

Any idea?

 

thanks in advance

Guru Elite
Posts: 7,842
Registered: ‎09-08-2010

Re: Radius auth timeout from client but not for controller

Drivers and/or certificate issues are generally the cause of this.

Are you doing EAP-PEAP or EAP-TLS? Is your RADIUS server very focused publicly or privately signed?


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎05-22-2015

Re: Radius auth timeout from client but not for controller

Hi Tim,

    I'm trying to do EAP-PEAP auth with MS-CHAPv2, I have disabled the check of the server certificate.

thanks

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius auth timeout from client but not for controller

KagtdaDoss,

 

You would need the output of "show auth-tracebuf client-mac <mac address of client>" to see the radius packets going back and forth.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 13
Registered: ‎05-22-2015

Re: Radius auth timeout from client but not for controller

attached

 

thanks

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius auth timeout from client but not for controller

What is the operating system of this client, and what wireless card model is it?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 13
Registered: ‎05-22-2015

Re: Radius auth timeout from client but not for controller

I have tried with a Win7 with a Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC, if you think is a driver/OS problem I can try with other laptop...

 

thanks

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius auth timeout from client but not for controller

Have you tried with a mobile device like an iPhone or Android phone?  Those would get on the network more easily.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 13
Registered: ‎05-22-2015

Re: Radius auth timeout from client but not for controller

My colleague tried with a Win8 and fail the authentication (timeout), his own win8 works in other deployment also with radius and Instant at the same firmware version.

Yesterday we have tried the atuhentication via controller and via a single istant too with the same result.

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Radius auth timeout from client but not for controller

Who installed the radius server certificate on the Server and what CA was it issued from?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: