I upgraded MC to AOS 8.10.0.5, and there is no log "Approaching radius ID exhaustion on server" anymore.
Original Message:
Sent: Feb 16, 2023 09:48 AM
From: Colin Joseph
Subject: Approaching radius ID exhaustion on Radius server
I believe this is bug AOS-235160. It is fixed in 8.10.0.5 https://www.arubanetworks.com/techdocs/ArubaOS/Consolidated_8.x_RN/Content/8.10/05/resolved_8.10.0.5.htm
"For some RADIUS servers during radsec socket clean up, incorrect handling of free sequence number count is observed in case of radius server timeout resulting in EAP ID exhaustion. The fix ensures that controllers work as expected. This issue was observed in controllers running ArubaOS 8.10.0.0 or later versions."
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Feb 15, 2023 09:32 PM
From: tigerbt
Subject: Approaching radius ID exhaustion on Radius server
Hi Cjoseph,
Yes, Radsec is enabled on the radius server. The Radius server is CPPM
We have 2 MCs working in a cluster, and the authentication server group is load-balance with 2 CPPMs
The issue has just happened with the headquarter, which has plenty of dot1x clients. There's no issue with the branches at the same time.
Could you give me some advice?
Thank you,
Original Message:
Sent: Feb 15, 2023 09:04 AM
From: cjoseph
Subject: Approaching radius ID exhaustion on Radius server
Are you using Radsec? What is your radius server?
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Feb 15, 2023 05:10 AM
From: tigerbt
Subject: Approaching radius ID exhaustion on Radius server
Hi all,
I'm facing an issue that clients can't associate with a dot1x SSID because of Authentication timeout.
There are a lot of dot1x timeout logs on the radius server as well as "Approaching radius ID exhaustion on radius server socket xx" logs on the MCs
Radsec is enabled on the Radius server.
The radius server is working properly with branches (without these logs above). The HQ has more clients than other branches.
The issue has happened since I upgraded MCs from AOS 8.8.0.3 to AOS 8.10.0.2.
Does anyone have the same issue?
------------------------------
Thank you in advance for your help
------------------------------