Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Radius time out connxtion issue

This thread has been viewed 2 times

  • 1.  Radius time out connxtion issue

    Posted Dec 07, 2017 08:49 AM

    Hi , I had a problem with a 3400 controller , the OS istalled is 5.0 and configured with a 802.1x witch works well with radius server on 2008R2.
    When I upgraded the controller to version 6.4.0. the 802.1x doesen't work , the first thing I done is to test the radius server from the controller , (on diagnostic , AAA server section)
    the message I got is "connexion time out" , when I rebooted the controller on the partition with AOS 5 all works fine.
    Is there someone who had the same issue , what can be the reason of this.
    Thanks a lot.



  • 2.  RE: Radius time out connxtion issue

    Posted Dec 07, 2017 09:03 AM
    Do you have termination enabled ?

    Get Outlook for iOS


  • 3.  RE: Radius time out connxtion issue

    Posted Dec 07, 2017 10:21 AM

    Hi Victor , yes termination is enabled.

    It is the same configuration on the AOS 5 and works fine.

     



  • 4.  RE: Radius time out connxtion issue

    Posted Dec 07, 2017 10:28 AM
    It is best practice to do the termination on the RADIUS server and not on the controller .

    You should either purchase/install a third party cert or use your internal PKI to generate/install one on your RADIUS server.

    Of course if you do this all your wireless will need to access the new certificate.


  • 5.  RE: Radius time out connxtion issue

    Posted Dec 07, 2017 10:59 AM

    Thank you Victor for your reply , I must diagnose deeply at my client
    but I dont unterstand why all is fine with the old AOS,
    Is there somme parameters added on the new AOS wich must be configured for the radius server or server group ?

    Thank you.



  • 6.  RE: Radius time out connxtion issue

    Posted Dec 07, 2017 11:49 AM
    Please take a look at this article
    https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809


    Get Outlook for iOS


  • 7.  RE: Radius time out connxtion issue

    Posted Dec 09, 2017 04:28 AM

    Hi Victor , thak you for the link , you mean that the upgrade causes a certificate revocation and we must recreate a new certificate ?
    An other information that I missed , the controller is a master and tne backup is down , is there any impact if ther is only the master in production.
    Other thing , the client connect to the ssid without certificate (certificate was created on the 2008 server).
    Thanks for your help.



  • 8.  RE: Radius time out connxtion issue

    Posted Dec 15, 2017 04:52 AM

    Hi Victor , i was at my client site for more dignostics and I noted that there is no certificate service role installed on his 2008R2 server and then no CA issued. Now Im sure that the installation of a CA and disabling termination will resolve their problem. my question is , is there any impact on their infrastructure like AD access or Exchange with installing the role and CA ?
    the client is affraid by this idea.
    Thanks a lot.