Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

  • 1.  Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Jan 25, 2012 12:49 PM

    Hi everyone,

    Users connected to local controllers can't authenticate to the RADIUS server, and testing on the local controller shows an AAA server timeout message, but we have tested with ping and tracer and the times to the RADIUS server are very good. The users connected to the master controller don't have any problem with the same RADIUS authentication.

    Do you have any ideas for testing this issue?

    Thank you very much.

    Wilson



  • 2.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Jan 25, 2012 12:55 PM

    Likely a mismatch in the IP the RADIUS request is being sourced from vs. what your RADIUS server expects to see in your config. You might also try re-entering your key on both sides for that server just to be sure they were entered correctly.

    -awl



  • 3.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Jan 25, 2012 08:05 PM

    Hi awl,

    We have checked the key on both controllers and we have changed it for testing, but the issue is present.

    Thank you for your help.

    wilson



  • 4.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    EMPLOYEE
    Posted Jan 25, 2012 08:12 PM

    @wmontilla wrote:

    Hi awl,

    We have checked the key on both controllers and we have changed it for testing, but the issue is present.

    Thank you for your help.

    wilson

    Wmontilla,

    You cannot change the key on the local. That value is automatically propagated. The only place you can change it is on the radius server and it should be the same for both radius clients. The event viewer on the NPS server should say if it is dropping packets due to an unknown radius client.



  • 5.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Jan 26, 2012 11:29 AM

    A few things I've found when working with Amigopod:

    • Controller / Diagnostics - AAA Test Server is your friend. Easy to check for "timeout" or "authentication failed" when troubleshooting.
    • Amigopod / Radius / Server Control gives a quick-win overview for RADIUS authentication issues (log snapshot).
    • Pinging from the controller to Amigopod is not enough. RADIUS (UDP 1812) and RADIUS accounting (UDP 1813) have to be opened in the FW as well.
    • You have to add the controller as a NAS device on Amigopod/Radius. To make sure you enter the shared secret correctly on both the controller and Amigopod, copy/paste helps avoid those typos.
    • In environments with VRRP it's not enough to add the VIP as a NAS device - you have to add all controller IPs as NAS devices on Amigopod.
    • Don't forget to update the server group on the Captive Portal profile! Everything looks correct, except you'll always get "Authentication failed" on the Amigopod CP...

    .. John



  • 6.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Sep 18, 2020 03:20 AM

    How do we check that UDP ports 1812/1813 are opened in the FW? Could we also test with telnet from the controller?
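
Added example (not part of any post in this thread): telnet opens TCP connections, so it cannot exercise UDP 1812/1813. This minimal Python probe sends one RADIUS Access-Request and separates the outcomes the thread turns on. The address, port, user name, password and shared secret are constructed placeholders, and the function names are this example's own.

```python
import hashlib, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5-chained XOR)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Minimal Access-Request: header, User-Name (1), User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def probe(host, port, packet, timeout=3.0):
    """Send one request and classify the outcome (reachability check only;
    the Response Authenticator is not verified)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(packet)
            reply = s.recv(4096)
        except socket.timeout:
            # Nothing came back: UDP is filtered on the path, or the server
            # silently discarded the request (e.g. unknown client source IP).
            return "timeout"
        except ConnectionRefusedError:
            # ICMP port unreachable: host is up, nothing listens on this port.
            return "refused"
    return CODES.get(reply[0], "code %d" % reply[0])

if __name__ == "__main__":
    # Constructed values: documentation address and dummy credentials.
    pkt = build_access_request(b"probe-user", b"probe-pass", b"shared-secret")
    print(probe("192.0.2.10", 1812, pkt))
```

Any RADIUS reply, even Access-Reject, shows that the UDP path is open and that the server accepts the probe's source IP as a client; a timeout alongside a working ping points at a firewall or at the server discarding the request, which its log should confirm. The server decides by source address, so a probe from another host tests that host's client entry, not the controller's, and a server set to require Message-Authenticator may discard this minimal request too.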



  • 7.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    EMPLOYEE
    Posted Jan 25, 2012 12:55 PM

    You probably need to add the IP address of the local controller as a RADIUS CLIENT on the radius server.



  • 8.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    Posted Jan 25, 2012 08:01 PM

    Hi cjoseph,

    This configuration was working well. The local controller is configured as a RADIUS client on the radius server.

    Thank you for your help.



  • 9.  RE: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very well

    EMPLOYEE
    Posted Jan 25, 2012 08:03 PM

    If it is not working, then it is not working well ;) You need to check the Event Viewer on the Radius server to see why it is not answering.