Contributor II
Posts: 55
Registered: ‎03-03-2011

Airgroup Radius Packets - Wrong Source

We are in the process of setting up Airgroup on our test controller running 6.3.1.2.  We've noticed that even though our system settings on the controller are set up to send all RADIUS packets from our loopback address, it seems that the Airgroup RADIUS packets are getting sent from the VRRP address of the controller.

We noticed this since we only had the loopback of the controller set up in our ClearPass RADIUS server.

 

Has anyone else noticed this behaviour?  Is it a bug?

 

- Zachary

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Airgroup Radius Packets - Wrong Source

The nas-ip parameter is something that is user-configurable in the RADIUS definition on the Aruba Controller.  Check to see if that is something that is configured to the VRRP.  If so, remove it and see if that changes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 55
Registered: ‎03-03-2011

Re: Airgroup Radius Packets - Wrong Source

I do have my source interface configured:

 

ip radius source-interface loopback

 

... so this is why I'm saying that the Airgroup RADIUS packets are ignoring this config entry.

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Airgroup Radius Packets - Wrong Source

That is not what I am talking about.  In each RADIUS server, you can define a nas-ip.  That could be overriding your source interface parameter.  Please check:

 

nas.PNG



Colin Joseph
Aruba Customer Engineering


Contributor II
Posts: 55
Registered: ‎03-03-2011

Re: Airgroup Radius Packets - Wrong Source

I checked that and there is nothing configured in the NAS IP or Source Interface field of the RADIUS server configuration.

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Airgroup Radius Packets - Wrong Source

Where is the RADIUS message that says it is coming from the wrong interface?

 



Colin Joseph
Aruba Customer Engineering


Contributor II
Posts: 55
Registered: ‎03-03-2011

Re: Airgroup Radius Packets - Wrong Source

In my ClearPass setup, I had only configured the loopback of my controller as a valid RADIUS client.  When I was setting up Airgroup, I noticed that I wasn't seeing the request come in, so when I went into my ClearPass event viewer, I saw the RADIUS requests coming in from an 'unknown host', which turned out to be the IP address of the VRRP interface on my controller.
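
Added example, not part of the original thread or of any Aruba or ClearPass tooling: two different addresses are in play here, the source address of the UDP packet (which the RADIUS server matches against its configured clients) and the NAS-IP-Address attribute carried inside the payload (RFC 2865, type 4). The sketch below parses an Access-Request and reports both, so a capture taken on the server side shows which one is unexpected. All addresses, the client list and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type

def parse_attributes(packet: bytes) -> dict:
    """Return {type: [values]} for a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def classify(src_ip: str, packet: bytes, clients: set) -> dict:
    """Compare the UDP source address with NAS-IP-Address and the client list."""
    values = parse_attributes(packet).get(NAS_IP_ADDRESS, [])
    ok = bool(values) and len(values[0]) == 4
    nas_ip = str(ipaddress.IPv4Address(values[0])) if ok else None
    return {
        "source": src_ip,
        "nas_ip": nas_ip,
        "known_client": src_ip in clients,  # what the server keys on
        "nas_ip_differs": nas_ip is not None and nas_ip != src_ip,
    }

def sample_request(nas_ip: str) -> bytes:
    """Constructed Access-Request: User-Name plus NAS-IP-Address."""
    user = b"airgroup-test"
    attrs = bytes([1, 2 + len(user)]) + user
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

# Constructed values: loopback 192.0.2.10 is the only configured client,
# 192.0.2.1 stands in for the VRRP address.
CLIENTS = {"192.0.2.10"}
CAPTURE = [("192.0.2.10", sample_request("192.0.2.10")),
           ("192.0.2.1", sample_request("192.0.2.10"))]

if __name__ == "__main__":
    for src, pkt in CAPTURE:
        print(classify(src, pkt, CLIENTS))
```

A request whose `known_client` is false is the one a server would log as coming from an unknown host, whatever NAS-IP-Address it carries.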

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Airgroup Radius Packets - Wrong Source

Please open up a case with TAC.  Thank you.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 5
Registered: ‎10-28-2013

Re: Airgroup Radius Packets - Wrong Source

I'm currently experiencing this same problem, although perhaps slightly different, running 6.3.1.2 as well.

I have noticed that regardless of entering system settings on the controller to send all RADIUS packets from a specific VLAN, or, as cjoseph suggested, setting the nas-ip parameter, all Airgroup RADIUS packets are coming from the incorrect VRRP address.

I also stumbled upon this because only one of the VRRP addresses had been set up in our ClearPass RADIUS server.

Currently the controllers have two VRRP addresses, a 10.16.x.x for corporate and a 192.168.x.x for guest/dmz. For some strange reason the corporate clients' (10.16.x.x) requests are coming from the 192.168.x.x address and I can't seem to change it.

 

Did you have any luck with raising a case mzac?

 

Thanks for the help.

 

-Liam

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Airgroup Radius Packets - Wrong Source

The source interface of the RADIUS packets is configured below. It is never the VRRP, by default:

 

source.png



Colin Joseph
Aruba Customer Engineering
