Wireless Access

Hi

We have a partner that uses our WiFi, they have X2 SSID's setup for X2 seperate RADIUS servers using 802.1X.

They have made a change which stopped users authenticated to either RADIUS server? They rolled back the change and can acces one server using one SSID but not the other?

Logs say - Dropping the radius server packet

                 Authentication Server Out of Service

                 Request timeout

I can ping both RADIUS servers from the controller, they say they cant see any logs on one the servers from the controller?

I beleive they added a request forwarder from one RADIUS server to the other older leagcy NPS. 

They say they have rolled back this as it caused a problem, however one of the SSID's are no longer sending RADIUS request?

I have no visability of their server or network!

They need to look at the Radius Server and see if  it is getting radius requests from an unknown radius client.  They would have to correct the radius client address on the radius server...

Hi

They say they are not receiving any RADIUS requests, they can only see when I ping?

How can I test traffic is reaching them?

You could install wireshark on the radius server and do a packet capture to see if any radius traffic is being received.

Hi

They won't do that as they say they cant see traffic on their firewall which is connected to our controller?

Debug logs show authentication timeout messages, RADIUS Server is up, back in service and down for 10 mins?

They should reenter the radius server key on both ends to make sure it is working.  Without having access to their system it is difficult to troubleshoot, because it could be anything?  Is there a firewall between the radius server and the controller?

Yes they have a firewall connected to our controller, so they say they cant see any traffic going to their RADIUS server?

I can only see failed messages on the controller!

Yes it is very difficult to troubleshoot, the problem only occured when tehy mad a change to add a forwarder now roled back only working on one SSID and RADIUS?

Did they change anything on the controller?  Type "show audit-trail" to see what was changed...

Hi

No they dont have access to the contoller only I do and I have not made any changes?

They are asking for us to prove traffic is going from the controller to their firewall! This works on their 2nd SSID and RADIUS server?

Could this forwarder be having an impact still trying to send to the other server?

Logs on the controller do show fails to the original server?

Hi 

Users are now suddenly connecting to both RADIUS servers ok? Could there be an issue with load?

Other users could be logging off the WiFi on other SSID's being Fri afternoon and now the users are connecting using RADIUS?

Is there a way to do a health check to look into this?

Still not sure why working ok one one SSID not the other? now ok on both?

Need to see what happens on Monday morning? Could a reboot help or do you think this is not a controller issue?

The best way to see the radius server status is by typing "show aaa authentication-server statistics" to see if servers have been up/down or not responding to packets.