Wireless Access

last person joined: 10 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Problems Authenticating VIA through a RADIUS Server

Jump to Best Answer
  • 1.  Problems Authenticating VIA through a RADIUS Server

    Posted Dec 13, 2011 10:34 AM

    I'm having trouble authenticating VIA through our RADIUS server. I can authenticate VIA through the internal server without any issues. When I change the VIA Authentication Profile Server Group to my RADIUS server group authentication fails. Through DIagnostics, I can use AAA Test Server and authenticate to the RADIUS server without issue so I'm assuming the RADIUS server is setup correctly and that the issue must be in the setup for VIA. Any and all help would be greatly appreciated!

     

    Thanks.



  • 2.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 13, 2011 10:45 AM

    Do you see anything in the log when the VIA client attempts authentication?  It sounds like your RADIUS policy may be blocking the attempt.



  • 3.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 13, 2011 02:13 PM

    Folks,

     

    Moving this discussion under VIA & CSS forum. 



  • 4.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 13, 2011 06:20 PM

    Ensure that PAP authentication is enabled on your RADIUS server. For example PAP is disabled by default on windows server 2008. The controller uses PAP as the authentication type for RADIUS. If PAP is not supported then using an external RADIUS sever wont work for your VIA deployments.

     

    Are you using MacOS clients or Windows client? The VIA configuration on the controller varies slightly for MacOS clients



  • 5.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 14, 2011 09:13 PM
    We have both Mac and Windows users. After the fix, all works properly on Windows and Mac IOS. Haven't tried on MacOS yet. Wasn't sure if there was a client for MacOS. Mind sharing the different settings for Mac OS?


  • 6.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 14, 2011 09:18 PM

    The main difference with MAC OS, is that you need to allow more ports incoming on your firewall.  The protocol list for macOS is:

     

     UDP— 500, 1701, and 4500

     TCP—1723, 443
     IP protocol— 50 

     

    The MAC OSX Client is on the support site.

     

     

    In addition, we launched an Ipad, iPhone client today, as well:  

    http://itunes.apple.com/us/app/aruba-networks-via/id481378525?mt=8

     



  • 7.  RE: Problems Authenticating VIA through a RADIUS Server

    Posted Dec 14, 2011 09:23 PM
    Thanks again for all your time and help.


  • 8.  RE: Problems Authenticating VIA through a RADIUS Server
    Best Answer

    Posted Dec 14, 2011 09:07 PM
    Thanks to Colin, an Aruba engineer, for emailing me and going through troubleshooting and ultimately fixing the issue. All was well with the RADIUS server. Problem turned out to be the controller was configured to reference the default VIA authentication profile which I had not configured since I created a my own authentication profile to use. It's almost always the little things! Thanks again to Colin for taking the time to help. Another reason to love Aruba...great products and amazing support.