How to configure IPv6 RADIUS server to use FQDN? List the debugging options available.

Aruba Employee
Aruba Employee

Introduction :


ArubaOS provides support for RADIUS authentication server over IPv6. You can configure an IPv6 host or specify an FQDN that can resolve to an IPv6 address for RADIUS authentication. By default, the RADIUS server is in IPv4 mode. You must enable the RADIUS server in IPv6 mode to resolve the specified FQDN to IPv6 address.


Feature Notes :


Prior to AOS version, we could only configure the Aruba Controller to talk to the Radius/TACACS server using only IPv4 IP addresses. However, with AOS version, Aruba now supports communication between the controller and the Radius server using IPv6 IP address as well.


Environment : This article applies to all Aruba Controllers running OS version or above.


Configuration Steps :


Through WebUI


To configure an IPv6 host for a RADIUS server:

1. Navigate to the Configuration > Security > Authentication > Servers page.

2. SelectRADIUS Server to display the RADIUS server List.

3. Select the required RADIUS server from the list to go to the Radius server page.

4. To enable the RADIUS server in IPv6 mode select the Enable IPv6 check box.

5. To configure an IPv6 host for the selected RADIUS server specify an IPv6 address or an FQDN in the Host field.

6. ClickApply to apply the configuration.



Through CLI

(Aruba7220) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba7220) (config) #aaa authentication-server radius Radiusserver
(Aruba7220) (RADIUS Server “Radius-fqdn") #enable-ipv6
(Aruba7220) (RADIUS Server “Radius-fqdn") #host
(Aruba7220) (RADIUS Server “Radius-fqdn") #key admin
(Aruba7220) (RADIUS Server "radius_fqdn") #end


To resolve FQDN, you must configure the DNS server name using the ip name-server <ip4addr> command.
(Aruba7220) (config) #ip name-server


Verification :


(Aruba7220) #show aaa authentication-server radius Radius-fqdn

RADIUS Server "Radiusserver"
Parameter                                                      Value
-------                                                  ------------
Key                                                              admin
Auth Port                                                    1812
Acct Port                                                     1813
Retransmits                                               3
Timeout                                                      5 sec
NAS ID                                                        N/A
NAS IP                                                         N/A
Enable IPv6                                               Enabled
NAS IPv6                                                     N/A
Source Interface                                        N/A
Use MD5                                                     Disabled
Use IP address for calling station ID    Disabled
Mode                                                           Enabled
Lowercase MAC addresses                   Disabled
MAC address delimiter                            none
Service-type of FRAMED-USER             Disabled

(Aruba7220) (config) #show ip domain-name

IP domain lookup:       Enabled
IP Host.Domain name:    Aruba7220.

DNS servers

(*) Dynamic DNS entry

(Aruba7220) (config) # show aaa fqdn-server-names

Auth Server FQDN names
FQDN                              IP Address      IPv6 Address    Refcount
   ----                                    ----------               ------------         --------          2012::150          1

(Aruba7220) (config) #show aaa authentication-server all | include Radiusserver
Radiusserver    Radius  2012::150      1812      1813      Enabled  0



Troubleshooting :


Following logging levels can be enabled on the controller check Radius related logs:

(Aruba3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba3200) (config) #logging level debugging security process authmgr
(Aruba3200) (config) #logging level debugging security subcat aaa

Version history
Revision #:
1 of 1
Last update:
‎07-18-2014 06:05 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: