Wireless Access

Reply
Occasional Contributor I

Setting up network on Aruba Instant with Active Directory authentication

Hello all,

Lately I've been trying to set up a network through Aruba Instant with a RADIUS authentication server. I have tried various means of getting it to work but without any luck. The problems I am facing is that no matter what IP I give the authentication server, I receive an error telling me that the authentication server is down. Looking in the event viewer on the windows 2012 server I get the following error. Screenshot_2.pngAny help from here would be appreaciated. I hope I just overlooked something :) 

Guru Elite

Re: Setting up network on Aruba Instant with Active Directory authentication

Change your radius client ip address on the NPS server to 192.168.20.5

 

EDIT  Set a Virtual IP on your instant cluster and enable dynamic radius proxy on your IAP and set the radius client ip address on the NPS server to that ip address.

http://community.arubanetworks.com/t5/Controller-less-WLANs/IAP-Dynamic-radius-proxy-ip-configuration-and-troubleshooting/ta-p/175248

 

 

 

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: Setting up network on Aruba Instant with Active Directory authentication

That would be the same as changing the IP on the NPS for the RADIUS Client right? I am getting the following error in Instant as usual: "Authentication Server SaxoAD with ip 192.168.20.5 is down"Screenshot_3.png

Guru Elite

Re: Setting up network on Aruba Instant with Active Directory authentication

No.  We are talking about two different things.

 

1- The ip address of the radius server will not change and needs to be configured in the radius server configuration for the IAP.

 

2-The Virtual ip address is an available high availability ip address on the Instant AP subnet that is chosen that will be the source of all radius traffic leaving the instant cluster, when you enable dynamic radius proxy.  If you don't choose a Virtual IP address and enable DRP, the radius server will see the source ip address as the ip address of the AP is currently on.  You would have to enter all ip addresses of your Instant APs as radius clients on the NPS server.  (1) Setting a Virtual ip address and (2) Enable Dynamic Radius Proxy will allow you to enter the Virtual IP address of the instant cluster as the radius client ip address on your NPS server and have all radius traffic come from a single ip address.  That Virtual ip address needs to be an unused ip address on the same subnet as your instant aps.

 

I hope that makes sense...

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: Setting up network on Aruba Instant with Active Directory authentication

So the virtual controller IP is not the same as the virtual ip address? Could you possibly tell me exactly what I would have to do solve this problem? Thanks

Guru Elite

Re: Setting up network on Aruba Instant with Active Directory authentication

You have things configured correctly in your screenshots.  Is there a firewall between the IAPs and the radius server?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: Setting up network on Aruba Instant with Active Directory authentication

Sorry for maybe asking some stupid questions, but after reading I don't get the full overview.

 

What is the IP of your Instant AP?

What is the IAP virtual controller IP? 192.168.20.5?

What is the IP address of your NPS server?

Did you put in that IP address as the RADIUS server in your Instant AP?

Have you reloaded/restarted the NPS service after you added the IAP VC address as RADIUS client?

 

Can you screenshot the message: "Authentication Server SaxoAD with ip 192.168.20.5 is down"? Where is that displayed? I would expect the IP address of your NPS server.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Setting up network on Aruba Instant with Active Directory authentication

Hey again, I have a total of 5 AP's in Instant. Their IP's are 192.168.20.71, 192.168.20.83, 192.168.20.66, 192.168.20.180 and 192.168.20.63
The IP of the IAP VC is 192.168.20.5
The IP of the NPS server is 192.168.20.100 and yes, I did enter that as the IP adress of the RADIUS server in Instant as the authentication server. Should I do anything about my AP's and the NPS server IP? I attached a screenshot of the configuration of the AP. 
I have also attached a screenshot of the errors I receive. They are shown in the alert bar of the AP's in Instant. Lastly, the only thing I have done with the NPS Server except adding a RADIUS server is shown in the last screenshot.I both registered the server in my AD and stopped and started it, as far as restarting goes.

 

AP.pngAP2.pngNPS.png

Colin, as far as I can tell, the Firewall rules of my Windows Server doesn't seem to be in the way. Do you by any chance have an idea of what or which rules would be obstructing the connection?

Thanks

Occasional Contributor I

Re: Setting up network on Aruba Instant with Active Directory authentication

Hey again, I have a total of 5 AP's in Instant. Their IP's are 192.168.20.71, 192.168.20.83, 192.168.20.66, 192.168.20.180 and 192.168.20.63
The IP of the IAP VC is 192.168.20.5
The IP of the NPS server is 192.168.20.100 and yes, I did enter that as the IP adress of the RADIUS server in Instant as the authentication server. Should I do anything about my AP's and the NPS server IP? I attached a screenshot of the configuration of the AP. 
I have also attached a screenshot of the errors I receive. They are shown in the alert bar of the AP's in Instant. Lastly, the only thing I have done with the NPS Server except adding a RADIUS server is shown in the last screenshot.I both registered the server in my AD and stopped and started it, as far as restarting goes.

 

AP.pngAP2.pngNPS.png

Thanks

Occasional Contributor I

Re: Setting up network on Aruba Instant with Active Directory authentication

Hey again, I have a total of 5 AP's in Instant. Their IP's are 192.168.20.71, 192.168.20.83, 192.168.20.66, 192.168.20.180 and 192.168.20.63
The IP of the IAP VC is 192.168.20.5
The IP of the NPS server is 192.168.20.100 and yes, I did enter that as the IP adress of the RADIUS server in Instant as the authentication server. Should I do anything about my AP's and the NPS server IP? I attached a screenshot of the configuration of the AP. 
I have also attached a screenshot of the errors I receive. They are shown in the alert bar of the AP's in Instant. Lastly, the only thing I have done with the NPS Server except adding a RADIUS server is shown in the last screenshot.I both registered the server in my AD and stopped and started it, as far as restarting goes.

 

AP.pngAP2.pngNPS.png

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: