01-19-2016 02:16 AM
We've just had a carastrophic failure of our clearpas cluster where all members processing authenticatino requests stopped with errors about invalid shared secrets. Our mobility controllers are configured to use a radius server group with a numbers of members
1). Clearpass cluster load balanced by our F5 boxes ( VIP 1)
2). Freeradius cluster load balanced by our F5 boxes.(VIP 2)
It looks as if the clearpass cluster members gradually dropped off 1 by one untill they were all dead. What I'm trying to find out is when our mobility controllers decided to switch over to using the freeraidus.
Is this possible from a mobility controller CLI or via airwave?
01-19-2016 06:18 AM
If you type show log error all, it might tell you when each server got marked out of service. Depending on how busy your server is, it might have rolled out of that log and you would have to look in your external syslog, for the word "Service" if you have it already configured. Below is what you would see:
authmgr: <520002> <ERRS> |authmgr| Authentication server request Timeout, username=TSStudent userip=0.0.0.0 usermac=24:e9:6a:37:9c:71 servername= TOWNDC serverip= 192.168.12.11 bssid=04:bd:88:b3:f7:82 apname=1stfloor authmgr: <520002> <ERRS> |authmgr| Authentication server request Timeout, username=TSStudent userip=0.0.0.0 usermac=24:e9:6a:33:81:63 servername= TOWNDC serverip= 192.168.12.11 bssid=04:bd:88:b3:f7:92 apname=1stfloor authmgr: <522276> <ERRS> |authmgr| Authentication Server Out Of Service while serving request. servername=TOWNDC serverip=188.8.131.52 username=TSStudent userip=0.0.0.0 usermac=94:e9:6a:33:81:63 bssid=04:bd:
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base