Wireless Access

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

RADIUS Primer

  • 1.  RADIUS Primer

    Posted 25 days ago
    So, I've spent the last few hours digging in the MM/WLC GUI and CLI along with the 1400-page CLI guide and Configuration guide trying to peel the onion of RADIUS. 4 authentication servers were set up for the initial build. I am trying to migrate to the last 2 and remove the first 2. I began by trying to delete one of the first auth servers. It is removed from the Server Groups but I cannot delete it from All Servers because it "is in use". I took the IP out of the Server Options and I am still in the same place. I can't seem to get rid of this first server, but I don't think it is authenticating any hosts.

    What are some commands to determine what server a host is using for authentication? In the connected WLC, I am using *show user authentication-method dot1x* to get the MAC of a host, then *show auth-tracebuf mac xx:xx:xx:xx:xx:xx* and I see the name of one of the old servers. The other way would be to check the log for that host.

    As you can imagine, this is much more involved than that. I am currently looking for commands and ideas to clear the mud. Then, I will try to get a host to authenticate with one of the two "new" servers. I moved them up in the "ISE" server group, but it looks like the old server is still authenticating hosts as it is the third authentication server in the group.

    ------------------------------
    Kirk Christensen
    ------------------------------


  • 2.  RE: RADIUS Primer

    Posted 25 days ago
    "show user-table verbose" will tell you, in a column, which AAA server a device used to authenticate... but that is not what's stopping you from deleting it.

    Type "show aaa authentication-server radius" on a WLC to see if your AAA server still has any references.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------