Controllerless Networks

We have 3 Controllers, type 7210 1 unit and type 7030 2 units.

We created 7210 as Master in Jakarta site and 1 unit 7030 as local in South Jakarta and 1 unit 7030 as local in Bangalore India.

We have created radius in server group and authentication successful between Master and local in Jakarta. But we got failed with issue AAA authentication server time out in Bangalore.

 

(Aruba7210-MASTER) #show aaa timers

Global User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 600 seconds

 

How to solve this case.

 

Is the connectivity and configuration correct between the controller and the AAA Server? Is the IP, shared key and NAS Clients defined correct on both the controller and the RADIUS Server?

 

Generate a AAA Test Server from the controller that is failing to identify if your configuration is correct.

 

aaa test-server [mschapv2/pap] [AAA Server Name][Username][Password] verbose

For example

#aaa test-server pap CPPM test-username test-password verbose

We can test AAA in Master. Please find below.

(Aruba7210-MASTER) #aaa test-server mschapv2 DHCP-SVR idham.khaidir ******* verbose

Authentication Successful
Processing time (ms) : 7.766
Attribute value pairs in request
--------------------------------
Vendor Attribute Value
------ --------- -----
NAS-IP-Address 10.8.9.2
NAS-Port-Id 0
NAS-Port-Type Wireless-IEEE802.11
User-Name idham.khaidir
Service-Type Login-User
Calling-Station-Id 0.0.0.0
Called-Station-Id 001A1E063290
Microsoft MS-CHAP-Challenge \304S+::\246\304\310\267\030\310\374\214\263Rh
Microsoft MS-CHAP2-Response
Aruba Aruba-Essid-Name
Aruba Aruba-Location-Id N/A
Aruba Aruba-AP-Group N/A
Aruba Aruba-Device-Type
Message-Auth \262{\2505g\375\323\203\241\246 \361eJ\321\227
PW_RADIUS_ID \035
Rad-Length 204
Attribute value pairs in response
---------------------------------
Vendor Attribute Value
------ --------- -----
Service-Type Framed-User
Class F[\006\327
Microsoft MS-MPPE-Recv-Key \252=\373\254.\375\374\276\035\305\351D\265QV\312\373\262\3143T\264\027Y\234\231f\265\217@\251\277O\377
Microsoft MS-MPPE-Send-Key \252>~\022\244-\371\034\002\267\210x\011\362\226\017\011\0174Z\253&\022\341\036Qu\034\215\004z\211\256\277
Microsoft MS-CHAP2-Success
Microsoft MS-CHAP-Domain
PW_RADIUS_ID \035
Rad-Length 210
PW_RADIUS_CODE \002
PW_RAD_AUTHENTICATOR E\313k\330q

But failed when we test on local side.

Can you run the same test on the Local side and post the output? Is the local controller defined as a NAS Client on the RADIUS Servers?

 

**EDIT - Also you may want to remove your password from the previous post  

I tested on local side.

 

(Aruba-BGL) #aaa test-server mschapv2 DHCP-SVR idham.khaidir sep@2020 verbose

AAA server timeout
Processing time (ms) : 19965.881
Attribute value pairs in request
--------------------------------
Vendor Attribute Value
------ --------- -----
NAS-IP-Address 10.8.9.2
NAS-Port-Id 0
NAS-Port-Type Wireless-IEEE802.11
User-Name idham.khaidir
Service-Type Login-User
Calling-Station-Id 0.0.0.0
Called-Station-Id 204C037FBF0E
Microsoft MS-CHAP-Challenge C1\0311\177]\366\264\374o\0142\317*|\222
Microsoft MS-CHAP2-Response
Aruba Aruba-Essid-Name
Aruba Aruba-Location-Id N/A
Aruba Aruba-AP-Group N/A
Aruba Aruba-Device-Type
Message-Auth f\217\326\2135\333\313\371{P\247\270\230[\313}
PW_RADIUS_ID \324
Rad-Length 204

Have you configured this IP on the RADIUS Server with the correct shared key? Are you certain there is no traffic being blocked between the controllers and the RADIUS.

NAS-IP-Address 10.8.9.2

Sent from my iPhone

We have checked there is no blocking and configured this IP on Radius and pre shared key same as Master Controller.

10.8.9.2 is IP of Master Controller.