Wireless Access


WPA2 Enterprise on IAP

  • 1.  WPA2 Enterprise on IAP

    Posted Nov 18, 2020 12:47 AM
    We have configured WPA2 Enterprise on an IAP 325, but users get failed connections.
    Authentication uses an external RADIUS server. The same shared key is already configured on the server.
    How can we check AAA authentication and create the best configuration for the IAP?

    ------------------------------
    Idham Khaidir
    ------------------------------


  • 2.  RE: WPA2 Enterprise on IAP

    EMPLOYEE
    Posted Nov 18, 2020 03:51 AM
    Hi,

    Do you have access to the RADIUS server to check its configuration? Is the RADIUS server sending a reject?
    What is the output of show auth-tracebuf mac <MAC OF DEVICE>?

    ------------------------------
    Ayman Mukaddam
    ------------------------------



  • 3.  RE: WPA2 Enterprise on IAP

    Posted Nov 18, 2020 05:03 AM
    Hi Ayman,

    Please find below,

    00:4e:35:ca:2b:e8# sh ap debug auth-trace-buf

    Auth Trace Buffer
    -----------------


    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 17 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 18 387
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 18 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 19 227
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 19 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 20 227
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 20 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 1096
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 6
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 21 227
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 21 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 1096
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 6
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 22 227
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 22 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 865
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 207
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 23 428
    Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 23 -
    Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 61
    Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 39
    Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 24 260
    Jan 1 01:11:16 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 24 -
    Jan 1 01:11:16 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 4 server rejected
    Jan 1 01:11:23 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:90 - - wpa2 aes
    Jan 1 01:11:23 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 01:11:23 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 - -
    Jan 1 01:11:23 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 01:11:28 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 01:11:33 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
    Jan 1 01:11:38 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
    Jan 1 01:11:40 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 21 wireless\gallery
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 25 211
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 25 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 26 381
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 26 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 27 221
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 27 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6

    Auth Trace Buffer
    -----------------


    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 28 221
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 28 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 1096
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 6
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 29 221
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 29 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 1096
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 6
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 30 221
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 30 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 865
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 207
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 31 422
    Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 31 -
    Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 61
    Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 39
    Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 32 254
    Jan 1 01:11:40 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 32 -
    Jan 1 01:11:40 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 4 server rejected
    Jan 1 02:07:06 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:91 - - wpa2 aes
    Jan 1 02:07:06 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
    Jan 1 02:07:06 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 - -
    Jan 1 02:07:06 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
    Jan 1 02:07:11 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
    Jan 1 02:07:16 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 5
    Jan 1 02:07:20 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 27 wireless\idham.khaidir
    Jan 1 02:07:20 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 222
    Jan 1 02:07:20 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:91/warid 2 -
    Jan 1 02:07:20 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 4 server rejected
    Jan 1 02:07:27 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:90 - - wpa2 aes
    Jan 1 02:07:27 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 02:07:27 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 - -
    Jan 1 02:07:27 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 02:07:32 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
    Jan 1 02:07:37 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
    Jan 1 02:07:42 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
    Jan 1 02:07:43 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 27 wireless\idham.khaidir
    Jan 1 02:07:43 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 33 223
    Jan 1 02:07:43 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 33 -
    Jan 1 02:07:43 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
    Jan 1 02:07:43 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
    Jan 1 02:07:43 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 34 387
    Jan 1 02:07:44 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 34 -
    Jan 1 02:07:44 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
    Jan 1 02:07:44 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
    Jan 1 02:07:44 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 35 227
    Jan 1 02:07:44 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 35 -
    Jan 1 02:07:44 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
    Jan 1 02:07:44 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6
    Jan 1 02:07:44 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 36 227

    ------------------------------
    Idham Khaidir
    ------------------------------



  • 4.  RE: WPA2 Enterprise on IAP

    EMPLOYEE
    Posted Nov 18, 2020 07:23 AM
    Jan 1 02:07:20 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 4 server rejected  <--------------

    Find out what the radius server says in the logs for this reject and take it from there.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
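An added example, not part of any post in this thread and not Aruba code: a small Python parser that finds each `rad-reject` in an auth trace like the one pasted above and reports which RADIUS server sent it and how many EAP round trips preceded it. The column meanings (event, direction, station MAC, BSSID with optional `/server`, id, length, detail) are inferred from the pasted output, and the stage labels are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample: a shortened subset of the trace lines posted in the thread.
SAMPLE = r"""
Jan 1 01:11:40 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 21 wireless\gallery
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 25 211
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 25 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 61
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 39
Jan 1 01:11:40 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 32 -
Jan 1 02:07:20 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 27 wireless\idham.khaidir
Jan 1 02:07:20 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 222
Jan 1 02:07:20 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:91/warid 2 -
"""

# Assumed layout: time, event, direction, station MAC, BSSID[/server], id, len, detail.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<event>[\w-]+)\s+(?P<dir><-|->|\*)\s+"
    r"(?P<sta>[0-9a-f:]{17})\s+(?P<bssid>[0-9a-f:]{17})(?:/(?P<server>\S+))?"
    r"\s+(?P<id>\S+)\s+(?P<length>\S+)(?:\s+(?P<extra>.*))?$")

Attempt = namedtuple("Attempt", "time station identity server eap_round_trips stage")

def summarize_rejects(text):
    """Return one Attempt per rad-reject, with the EAP round trips seen before it."""
    state = {}    # station MAC -> [identity, eap-resp count] for the attempt in progress
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # table headers, separators and blank lines
        sta, event = m["sta"], m["event"]
        if event == "eap-id-resp":
            state[sta] = [m["extra"], 0]      # identity response starts a new attempt
        elif event == "eap-resp" and sta in state:
            state[sta][1] += 1                # one more round trip inside the EAP method
        elif event == "rad-reject":
            if sta in state:
                identity, trips = state.pop(sta)
                stage = "after-eap-exchange" if trips else "before-eap-method"
            else:  # buffer began mid-exchange, so the attempt's start is missing
                identity, trips, stage = None, 0, "unknown-trace-truncated"
            results.append(Attempt(m["ts"], sta, identity, m["server"], trips, stage))
    return results
```

On the sample, the `wireless\gallery` attempt is rejected by `dhcp-svr` after EAP round trips, while the `wireless\idham.khaidir` attempt is rejected by `warid` on the first request; in both cases the reason itself is only in the RADIUS server's log.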



  • 5.  RE: WPA2 Enterprise on IAP

    EMPLOYEE
    Posted Nov 18, 2020 07:28 AM
    Hi,

    Also, can you please check the time in your setup? Try to use NTP if possible.

    The logs show Jan 1.

    ------------------------------
    Ayman Mukaddam
    ------------------------------



  • 6.  RE: WPA2 Enterprise on IAP

    Posted Nov 18, 2020 11:36 PM
    We have tested:
    00:4e:35:ca:2b:e8# aaa test-server dhcp-svr username gallery password Skl2014 auth-type pap
    Radius server dhcp-svr test successfully
    But when we tested the SSID, it failed.

    ------------------------------
    Idham Khaidir
    ------------------------------



  • 7.  RE: WPA2 Enterprise on IAP

    EMPLOYEE
    Posted Nov 19, 2020 04:12 AM
    You are testing with PAP authentication. You will need to set up and configure your RADIUS server to do EAP (EAP-TLS preferred) authentication for wireless clients.

    What type of RADIUS server are you using? Please look up the documentation on how to configure that server for wireless client authentication.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------



  • 8.  RE: WPA2 Enterprise on IAP

    Posted Nov 20, 2020 08:11 AM
    We are using NPS on Windows Server 2003. If we test using a controller with RADIUS, it works fine.

    ------------------------------
    Idham Khaidir
    ------------------------------



  • 9.  RE: WPA2 Enterprise on IAP

    EMPLOYEE
    Posted Nov 20, 2020 08:45 AM
    What does the RADIUS server event viewer message say when it fails? That will determine what your problem is.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------