Wireless Access

Reply
Highlighted
Occasional Contributor I

Radius time out connxtion issue

Hi , I had a problem with a 3400 controller , the OS istalled is 5.0 and configured with a 802.1x witch works well with radius server on 2008R2.
When I upgraded the controller to version 6.4.0. the 802.1x doesen't work , the first thing I done is to test the radius server from the controller , (on diagnostic , AAA server section)
the message I got is "connexion time out" , when I rebooted the controller on the partition with AOS 5 all works fine.
Is there someone who had the same issue , what can be the reason of this.
Thanks a lot.

Re: Radius time out connxtion issue

Do you have termination enabled ?

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Architect
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: Radius time out connxtion issue

Hi Victor , yes termination is enabled.

It is the same configuration on the AOS 5 and works fine.

 

Re: Radius time out connxtion issue

It is best practice to do the termination on the RADIUS server and not on the controller .

You should either purchase/install a third party cert or use your internal PKI to generate/install one on your RADIUS server.

Of course if you do this all your wireless will need to access the new certificate.
Thank you

Victor Fabian
Lead Mobility Architect
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: Radius time out connxtion issue

Thank you Victor for your reply , I must diagnose deeply at my client
but I dont unterstand why all is fine with the old AOS,
Is there somme parameters added on the new AOS wich must be configured for the radius server or server group ?

Thank you.

Re: Radius time out connxtion issue

Please take a look at this article
https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809


Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Architect
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: Radius time out connxtion issue

Hi Victor , thak you for the link , you mean that the upgrade causes a certificate revocation and we must recreate a new certificate ?
An other information that I missed , the controller is a master and tne backup is down , is there any impact if ther is only the master in production.
Other thing , the client connect to the ssid without certificate (certificate was created on the 2008 server).
Thanks for your help.

Occasional Contributor I

Re: Radius time out connxtion issue

Hi Victor , i was at my client site for more dignostics and I noted that there is no certificate service role installed on his 2008R2 server and then no CA issued. Now Im sure that the installation of a CA and disabling termination will resolve their problem. my question is , is there any impact on their infrastructure like AD access or Exchange with installing the role and CA ?
the client is affraid by this idea.
Thanks a lot.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: