yes, I assume such RADIUS traffic is by default with QoS tag 0 (thats what I've observed in traffic capture for RADIUS traffic from old Cisco's 5508 )
Original Message:
Sent: Mar 07, 2023 05:53 AM
From: Herman Robers
Subject: Authentication server request timed out for RADIUS-AUTH
You may consider to prioritize the RADIUS traffic, like you probably have for voice traffic to prevent those packets from being dropped if your link is congested.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Feb 28, 2023 04:31 AM
From: AVY
Subject: Authentication server request timed out for RADIUS-AUTH
thanks for these points!
I've checked by pings
ping ip <RADIUS_IP> df-bit repeat 100 size 1472<o:p></o:p>
it shows all good (packets reaching related server) but during peak hours high losses due to congested links (during non-peak hours losses absent or just few)
!!!!!!.!!!!!!.!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!.!!!<o:p></o:p>
.!!!!!!.!!!.!!!!!!!!!!!!!!!!!!<o:p></o:p>
Will need to work to add bandwidth ...
Original Message:
Sent: Feb 27, 2023 04:47 AM
From: Herman Robers
Subject: Authentication server request timed out for RADIUS-AUTH
If you see timeouts, that can be a client configuration issue, or an MTU issue between your controller and ClearPass (or even AP and controller). If you have a non-responding backend authentication/authorization server (when using ClearPass, for other RADIUS servers the name may be different), that can also result in timeouts.
MTU can fragement the RADIUS/EAP packets and result them being dropped. If the client does not trust the RADIUS Server EAP certificate, or does have other issues with the supplicant configuration, this may happen as well.
What is the authentication you have configured?
What is the server certificate used?
Increasing the timeout value will in general not solve your issue.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Feb 22, 2023 02:12 AM
From: AVY
Subject: Authentication server request timed out for RADIUS-AUTH
I have many such events in Aruba WLCs logs.
1) Is it critical and even on non-working day e.g. during the weekend I had several in logs...
2) I've increased default value of "Timeout " under related "aaa authentication-server radius <....>", but I also seen similar parameter under "aaa authentication dot1x <.....>"
Authentication Server Retry Interval 5 sec
Authentication Server Retry Count 3
Which will take preference "aaa authentication-server radius <....>" or "aaa authentication dot1x <.....>" or
"aaa authentication dot1x <.....>" with its settings will trigger "aaa authentication-server radius <....>" with its own settings ?!