Controllerless Networks

Reply
Highlighted
Contributor I

RADIUS timeouts from IAP cluster

Hello, we have this happen now and then from one of our campus locations. All of our RADIUS traffic has to traverse the WAN back to the DC to auth with CPPM.

Normally when we have this, it's a WAN issue, but recently we had an oddball thing happen. After much troubleshooting and rebooting etc, we changed the VC IP to match the access points IP address that was the acting VC and this fixed it.

I've recommended that the person who found this open a TAC case, but I wanted to see if anyone else had any recommendations for odd crap with the IAP and RADIUS issues

Highlighted
Super Contributor II

Re: RADIUS timeouts from IAP cluster

Do you have Dynamic RADIUS proxy set up for the IAP cluster. This will source all RADIUS requests from the VC address and not the AP addresses themselves.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Contributor I

Re: RADIUS timeouts from IAP cluster

Yes, we have dynamic proxy enabled for both RADIUS and TACACS across the board.

Highlighted
Super Contributor II

Re: RADIUS timeouts from IAP cluster

Have you checked that the virtual controller IP Address is set as a NAS IP when configuring RADIUS server attributes with dynamic RADIUS proxy enabled?

 

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Contributor I

Re: RADIUS timeouts from IAP cluster

Yes, this location was working fine up until about two weeks ago. No changes or upgrades were done to the IAP cluster, it just flipped out. I know these things are probably the dead worst wireless solution you can implement in an enterprise environment so nothing surprises me anymore with them.

Highlighted
Guru Elite

Re: RADIUS timeouts from IAP cluster

No.  Those are not the dead worse thing you can deploy in an enterprise, because we have many customers who have this deployed and working currently.

 

You didn't say if there was a firewall between sites.

You didn't say how often radius timeouts are occurring.

You didn't say if you looked at the Clearpass event viewer to see if there were any errors that corresponded to the timeouts.

Your post is not detailed enough to make a coherent assessment about what could be going wrong.  You could have answers to the points above, but they must be answered in the course of looking at your issue, because they could all be factors.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: