Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

AAA server test troubleshooting

This thread has been viewed 12 times
  • 1.  AAA server test troubleshooting

    Posted 30 days ago

    Dear Experts, 

    This post is regarding how to troubleshoot Radius server issues. 

    1) AAA server test doesnt seem to work no matter what i do. I can see in clearpass then request is coming but service categorization failed. What is the proper way of checking AAA server connectivity using this diagnostic tool? 

    2) Is there any debug command to check Radius packet exchange between aruba controller and radius server?

    3) is there any packet capture possible between aruba controller and radius server?



  • 2.  RE: AAA server test troubleshooting

    EMPLOYEE
    Posted 30 days ago
    1. AAA server test does a simple auth using PAP and is unlikely to match any of your normal services.
    2. Yes, there's a whole AAA debug category to sift through.
    3. Yes.  If you are running ClearPass then this is usually easiest done from the ClearPass cluster node.


    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: AAA server test troubleshooting

    Posted 29 days ago
    Dear Carson, 

    Can you guide more on point 2.

    1. Yes, there's a whole AAA debug category to sift through.





  • 4.  RE: AAA server test troubleshooting

    Posted 28 days ago

    There is no connectivity problem, you can see incoming authentication requests. You don't need to debug to solve the problem.

    If the message says service categorization failed, it means that there is no matching service for this request.
    In every service there is a service rule, there are conditions defined. If these are fulfilled for the authentication request, then the service will also process this request. 

    So compare the attributes that you see in the access tracker with the conditions from the service rule. Check whether the NAS port type and service type match.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------