Occasional Contributor II
Posts: 22
Registered: ‎11-21-2011

Testing RADIUS auth on local controller shows AAA server timeout, but ping to the RADIUS server works well

Hi everyone,

Users connected to local controllers can't authenticate to the RADIUS server, and testing on the local controller shows an AAA server timeout message, but we have tested with ping and tracer and the times to the RADIUS server are very good. Users connected to the master controller don't have any problem with the same RADIUS authentication.

Do you have any ideas for testing this issue?

Thank you very much.

Wilson

Guru Elite
Posts: 19,972
Registered: ‎03-29-2007

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

You probably need to add the IP address of the local controller as a RADIUS CLIENT on the RADIUS server.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

Likely a mismatch between the IP the RADIUS request is being sourced from and what your RADIUS server expects to see in your config. You might also try re-entering your key on both sides for that server just to be sure they were entered correctly.

-awl

Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II
Posts: 22
Registered: ‎11-21-2011

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

Hi cjoseph,

This configuration was working well. The local controller is configured as a RADIUS client on the RADIUS server.

Thank you for your help.

Guru Elite
Posts: 19,972
Registered: ‎03-29-2007

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

If it is not working, then it is not working well ;) You need to check the Event Viewer on the RADIUS server to see why it is not answering.

Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 22
Registered: ‎11-21-2011

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

Hi awl,

We have checked the key on both controllers and we have changed it for testing, but the issue is present.

Thank you for your help.

wilson

Guru Elite
Posts: 19,972
Registered: ‎03-29-2007

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w


wmontilla wrote:

Hi awl;

we have checked the key on both controllers and We have changed it for testing but the issue is present..

Thank you for your help

wilson


Wmontilla,

You cannot change the key on the local. That value is automatically propagated. The only place you can change it is on the RADIUS server, and it should be the same for both RADIUS clients. The Event Viewer on the NPS server should say if it is dropping packets due to an unknown RADIUS client.

Colin Joseph
Aruba Customer Engineering

MVP
Posts: 470
Registered: ‎05-11-2011

Re: Testing RADIUS auth on local controller show aaa server timeout but ping to the radius is very w

A few things I've found when working with Amigopod:

  • Controller / Diagnostics - AAA Test Server is your friend. Easy to check for "timeout" or "authentication failed" when troubleshooting.
  • Amigopod / RADIUS / Server Control gives a quick-win overview for RADIUS authentication issues (log snapshot).
  • Pinging from the controller to Amigopod is not enough. RADIUS (UDP 1812) and RADIUS accounting (UDP 1813) have to be opened in the firewall as well.
  • You have to add the controller as a NAS device on Amigopod/RADIUS. To make sure you enter the shared secret correctly on both the controller and Amigopod, copy/paste helps avoid those typos.
  • In environments with VRRP it's not enough to add the VIP as a NAS device - you have to add all controller IPs as NAS devices on Amigopod.
  • Don't forget to update the server group on the Captive Portal profile! Everything looks correct, except you'll always get "Authentication failed" on the Amigopod CP...

.. John

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
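
An added example (not from the thread or from Aruba) of the check the replies above point to: it sends one RADIUS Access-Request (RFC 2865, PAP) over UDP 1812 and separates a silent drop from a reject or a shared-secret mismatch, which ping cannot do. The function names and the caller-supplied server, secret and NAS-IP values are assumptions; the sending host must itself be defined as a RADIUS client on the server.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16 if password else 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident, authenticator, user, password, secret, nas_ip):
    attrs = (attr(1, user.encode())  # User-Name
             + attr(2, hide_password(password.encode(), secret, authenticator))
             + attr(4, socket.inet_aton(nas_ip)))  # NAS-IP-Address
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def response_is_authentic(response, request_authenticator, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(response) < 20:
        return False
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret)
    return hmac.compare_digest(expected.digest(), response[4:20])

def probe(server, secret, user, password, nas_ip, port=1812, timeout=3.0):
    authenticator = os.urandom(16)
    packet = build_access_request(os.urandom(1)[0], authenticator, user, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, port))
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"      # filtered UDP, or server silently discarded the request
        except OSError:
            return "unreachable"  # e.g. ICMP port unreachable surfaced by the OS
    if not response_is_authentic(response, authenticator, secret):
        return "bad-authenticator"  # reply did not verify under this shared secret
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(response[0], "other")
```

A `timeout` from a host that can ping the server points at filtered UDP or a request the server discarded, for example one from an unregistered source address. A server set to require Message-Authenticator will also discard this bare PAP request.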