Wireless Access

 View Only
last person joined: 19 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Authentuication to RADIUS server Error

Jump to Best Answer
This thread has been viewed 4 times
  • 1.  Authentuication to RADIUS server Error

    Posted Jan 18, 2016 02:19 AM

    Hi All,

     

    I have installed Aruba 205 AP & Controller 7010,

    I Configured 4 Role

    Role 1 using VLAN 112

    Role 2 using VLAN 113

    Role 3 using VLAN 114

    Role 4 using VLAN 116

     

    When i try to connect to WLAN by user in Radius Server , i can't connect when i using role 4 with VLAN 116 by Laptop/PC, but i can connect normally when i using Phone Celullar,and if i change the VLAN of this role using VLAN 112,113 or 114, i can connect to WLAN normally. Do you have any advise for this case ?

     

    Kindly need your help,

     

    Thank you in advance


    #AP205


  • 2.  RE: Authentuication to RADIUS server Error

    MVP
    Posted Jan 18, 2016 07:56 AM

    We realy need more info to figure this out I'm affraid. Here's some stuff you can do to start troubleshooting this.

     

    You say you cannot connect with the pc whereas the phone doesnt give you issues.

    Are you using the same username/passwd to test on both devices?

    Does the pc fail or pass authentication? Check you radius server event log.

    If it fails, does the radius log mention why? On the Aruba side, check with "show auth-tracebuf mac <mac-addr>" what is happening. You can also configure debugging for that pc: logging level debugging user-debug <mac-addr>". Try authenticating and check the debug log: "show log user-debug all". 

    If it succeeds, do you see the user in the station-table (show station-table) but not in the user-table (show user-table)? Might be a dhcp issue.

    Does it work for the pc if you set a fixed vlan for the ssid and return only a radius-accept?

     

    What attributes are you returning? 

    Configurting the vlan inside/on the user-role is apparently scheduled to be removed. Preferably you would simply return both Aruba-User-Role and Aruba-User-Vlan attributes.

    Do you have machine authentication active for the pc? Enforce machine auth will seriously mess with (ignore) radius attributes. 

     



  • 3.  RE: Authentuication to RADIUS server Error

    Posted Jan 18, 2016 08:54 AM

    It looks to me like Role assignment works fine, but not if the role is assigned VLAN 116.

    Make sure that VLAN 116 works properly; DHCP, routing etc. is working here.. Do that by just making a PSK ssid configured with authenticated role and VAP set to VLAN 116 and see if that works..

     

     

     

     



  • 4.  RE: Authentuication to RADIUS server Error
    Best Answer

    Posted Jan 18, 2016 10:57 PM

    I used the same username and pasword between phone and Laptop, but when i connect to WLAN with Laptop sometimes could sometimes not,  when i can't connect i got other ip on other VLAN, IP shown on monitoring dashboard is diffrent with IP shown on laptop

     

    I have 2 Controller,

    1. Old Controller  (650) 5.x.x

    2. New Controller (7010) OS 6.4.2.14

     

    I configured with same configuration between Old controller and New Controller.

    On Old Controller, I can Connect normally,

    but when i used new controller, i got error.

     

    I attached the Configuration Old Controller and New Controller.

     

    Kindly need your help to problem solving this case.

     

    Thank you in advance

    Attachment(s)

    txt
    New Controller ( 7010).txt   52 KB 1 version
    txt
    Old Controller (650).txt   38 KB 1 version


  • 5.  RE: Authentuication to RADIUS server Error

    EMPLOYEE
    Posted Jan 19, 2016 01:46 AM

    What SSID are you connecting to?

    What error do you get?

     



  • 6.  RE: Authentuication to RADIUS server Error
    Best Answer

    Posted Jan 19, 2016 01:49 AM

    SAMAN 1 and SAMAN 2,

     

    I can't connect by SATELITE group, but when i change VLAN on Satelite-role. i can connect normally on new controller.



  • 7.  RE: Authentuication to RADIUS server Error
    Best Answer

    Posted Jan 19, 2016 03:24 AM

    Again - VLAN 116.. If it works when you change the VLAN of the role to something else, then that is where you should focus your troubleshooting. Is the VLAN 116 defined on the trunk where you have the Controller connected?

     

    The config's are very similiar.

     

    While you're working with this - try cleaning up that ACL a bit..

    Like.. Why would you do:

    any any svc-dhcp permit

       -- and later do:

    any alias dhcp_server svc-dhcp  permit

     

    The first makes the second moot.

     

    Anyways - verify the VLAN 116 is defined on the trunkport ON the switch (as I see that it's allowed on the Controller trunk)