Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

How to verify the TLS tunnel status between the IAP and RadSec Cloud server on IAP? 

Aug 08, 2016 02:51 PM

Q:

How to verify the TLS tunnel status between the IAP and RadSec Cloud server on IAP?



A:

When using Cloud guest SSID, guest users are authenticated against Radsec(RADIUS over TLS) server on the cloud.  In order to find the TLS tunnel status between IAP and Radsec cloud server, "show radius status" can be executed on IAP as shown below.  If the status is found to be "INIT" rather "Connected", there is some communication issue between IAP and Radsec cloud server. Hence ensure the below is allowed on the firewall.

 

  • Ensure TCP/2083 is allowed on the firewall as that's the default destination port for Radius over TLS.
  • Make sure the Server IP is allowed as well on the firewall.

 

ArubaIAP225# sh radius status

Radius server status
--------------------
Name            Server IP       Source IP  Server Name                                    Protocol    Port  Connected sockets  Status          Last connection tried at    Next connection at
----            ---------       ---------  -----------                                    --------    ----  -----------------  ------          ------------------------    ------------------
InternalServer  127.0.0.1       10.3.2.15  Not configured                                 RADIUS/UDP  1616  Not Applicable     Not Applicable  Not Applicable              Not Applicable
AS1_#guest#_    52.74.197.151   10.10.2.5  asw1.cloudguest.central.arubanetworks.com      RADIUS/TLS  2083  1                  CONNECTED       2016-01-16 11:58:18.110751  Not Applicable

Statistics
0 Favorited
3 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.