Question : How to find the radius source ip sent by the IAp
Answer : Enable the following debug from the CLI
# debug pkt port 1812
# debug pkt type udp
# debug pkt dump
Press 'q' to quit.
Received packet from bond0 (timestamp 0001377094)
[asap_firewall_forward(4789):firewall entry] len 174, vlan 0, egress CP, ingress bond0:
#mac: etype 0800 smac 00:1a:1e:15:20:40 tmac 24:de:c6:c3:eb:15
Radius Packet getting SRC-natted with IAP inner IP and goes to radius server…
Received packet from br0 (timestamp 0001378950)
[asap_firewall_forward(4789):firewall entry] len 234, vlan 0, egress CP, ingress br0:
#mac: etype 0800 smac 24:de:c6:c3:eb:15 tmac 00:1a:1e:15:20:40
#ip: sip 10.17.132.93, dip 10.17.128.9, proto 17, dont fragment, last fragment, fragment offset 0
#udp: sport 49158 dport 1812 len 200
[asap_firewall_forward(5538):bridge section] len 234, vlan 1, egress CP, ingress br0:
[asap_firewall_forward(5652):session section] len 234, vlan 1, egress bond0, ingress br0:
[asap_firewall_forward(5811):slowpath section] len 234, vlan 1, egress bond0, ingress br0:
[asap_firewall_forward(5652):session section] len 234, vlan 1, egress CP, ingress br0:
[asap_firewall_forward(6300):route section] len 234, vlan 1, egress CP, ingress br0:
#mac: etype 0800 smac 24:de:c6:c3:eb:15 tmac 00:1a:1e:15:20:40
#ip: sip 10.17.132.235, dip 10.17.128.9, proto 17, dont fragment, last fragment, fragment offset 0
#udp: sport 49158 dport 1812 len 200
[asap_firewall_forward(6322):cp route section] len 234, vlan 1, egress CP, ingress br0:
[asap_firewall_forward(6300):route section] len 234, vlan 1, egress CP, ingress br0:
[asap_firewall_forward(6322):cp route section] len 234, vlan 1, egress CP, ingress br0:
[asap_firewall_forward(6435):routing to tun0] len 220, vlan 0, egress vlan 11, ingress tun0:
#ip: sip 10.17.132.235, dip 10.17.128.9, proto 17, dont fragment, last fragment, fragment offset 0
#udp: sport 49158 dport 1812 len 200