Wireless Access

Reply
Contributor II
Posts: 41
Registered: ‎12-01-2015

Authentuication to RADIUS server Error

Hi All,

 

I have installed Aruba 205 AP & Controller 7010,

I Configured 4 Role

Role 1 using VLAN 112

Role 2 using VLAN 113

Role 3 using VLAN 114

Role 4 using VLAN 116

 

When i try to connect to WLAN by user in Radius Server , i can't connect when i using role 4 with VLAN 116 by Laptop/PC, but i can connect normally when i using Phone Celullar,and if i change the VLAN of this role using VLAN 112,113 or 114, i can connect to WLAN normally. Do you have any advise for this case ?

 

Kindly need your help,

 

Thank you in advance

MVP
Posts: 777
Registered: ‎03-25-2009

Re: Authentuication to RADIUS server Error

We realy need more info to figure this out I'm affraid. Here's some stuff you can do to start troubleshooting this.

 

You say you cannot connect with the pc whereas the phone doesnt give you issues.

Are you using the same username/passwd to test on both devices?

Does the pc fail or pass authentication? Check you radius server event log.

If it fails, does the radius log mention why? On the Aruba side, check with "show auth-tracebuf mac <mac-addr>" what is happening. You can also configure debugging for that pc: logging level debugging user-debug <mac-addr>". Try authenticating and check the debug log: "show log user-debug all". 

If it succeeds, do you see the user in the station-table (show station-table) but not in the user-table (show user-table)? Might be a dhcp issue.

Does it work for the pc if you set a fixed vlan for the ssid and return only a radius-accept?

 

What attributes are you returning? 

Configurting the vlan inside/on the user-role is apparently scheduled to be removed. Preferably you would simply return both Aruba-User-Role and Aruba-User-Vlan attributes.

Do you have machine authentication active for the pc? Enforce machine auth will seriously mess with (ignore) radius attributes. 

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP
Posts: 520
Registered: ‎05-11-2011

Re: Authentuication to RADIUS server Error

It looks to me like Role assignment works fine, but not if the role is assigned VLAN 116.

Make sure that VLAN 116 works properly; DHCP, routing etc. is working here.. Do that by just making a PSK ssid configured with authenticated role and VAP set to VLAN 116 and see if that works..

 

 

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Contributor II
Posts: 41
Registered: ‎12-01-2015

Re: Authentuication to RADIUS server Error

I used the same username and pasword between phone and Laptop, but when i connect to WLAN with Laptop sometimes could sometimes not,  when i can't connect i got other ip on other VLAN, IP shown on monitoring dashboard is diffrent with IP shown on laptop

 

I have 2 Controller,

1. Old Controller  (650) 5.x.x

2. New Controller (7010) OS 6.4.2.14

 

I configured with same configuration between Old controller and New Controller.

On Old Controller, I can Connect normally,

but when i used new controller, i got error.

 

I attached the Configuration Old Controller and New Controller.

 

Kindly need your help to problem solving this case.

 

Thank you in advance

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Authentuication to RADIUS server Error

What SSID are you connecting to?

What error do you get?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 41
Registered: ‎12-01-2015

Re: Authentuication to RADIUS server Error

SAMAN 1 and SAMAN 2,

 

I can't connect by SATELITE group, but when i change VLAN on Satelite-role. i can connect normally on new controller.

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Authentuication to RADIUS server Error

Again - VLAN 116.. If it works when you change the VLAN of the role to something else, then that is where you should focus your troubleshooting. Is the VLAN 116 defined on the trunk where you have the Controller connected?

 

The config's are very similiar.

 

While you're working with this - try cleaning up that ACL a bit..

Like.. Why would you do:

any any svc-dhcp permit

   -- and later do:

any alias dhcp_server svc-dhcp  permit

 

The first makes the second moot.

 

Anyways - verify the VLAN 116 is defined on the trunkport ON the switch (as I see that it's allowed on the Controller trunk)


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: