Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Amigopod errors

  • 1.  Amigopod errors

    Posted Jun 18, 2014 10:03 AM

    Will the Amigopod's RADIUS server log events from defined NASes with bad shared secrets, or connection requests from unknown NASes, for troubleshooting? I.e., if a controller that is not defined on the Amigopod makes an Access-Request, will it show up in the log?



  • 2.  RE: Amigopod errors

    Posted Jun 18, 2014 11:35 AM

    I'm gonna say yes. On Amigopod there's a RADIUS server debugging section..

     

    Sorry for the wall of text.. It's from the amigopod deployment guide...page 46

     

    TLDR - Yes you can: This can help track down configuration problems in NAS clients (such as an incorrect shared secret, or an invalid request attribute), user roles (wrong reply attributes or values), and other problems.

     

    Debug RADIUS Server
    The AAA Debug option on the RADIUS Server Configuration page enables additional debugging messages logged during the handling of RADIUS packets. The default setting is “No debugging.” This option might be of use when setting up or troubleshooting advanced authorization methods, and you can refer to the application log to view the AAA debug messages. However, for performance reasons, this option should be disabled in a production environment. If you do enable it for troubleshooting, remember to disable it when you are through.
    In debugging mode, the detailed log output from the local RADIUS server is redirected to your browser.
    This can greatly assist in troubleshooting the exact cause of an authentication, authorization or accounting (AAA) problem.
    Normally, the RADIUS server runs in the background, processing AAA requests from incoming clients and generating responses. However, if you are troubleshooting an authentication problem, sometimes it is convenient to see exactly what is being sent and received by the RADIUS server. This can help track down configuration problems in NAS clients (such as an incorrect shared secret, or an invalid request attribute), user roles (wrong reply attributes or values), and other problems. To view this output, the RADIUS server is stopped and restarted in a diagnostic mode. The output generated on each request is redirected to your Web browser.
    When you stop the debugger, the normal background operation of the RADIUS server is resumed. No further output will be received once the debugger has been stopped. During the starting and stopping of the server, there may be brief periods of time during which the RADIUS server is unreachable. RADIUS clients should cope with this outage by retrying their RADIUS requests. However, on a busy network some traffic may still be lost.
    To enter debugging mode, click the Debug RADIUS Server command link on the RADIUS > Server Control page.

     

    I've attached the 3.7 deployment guide... Not sure which version you're thinking of..

     

    Cheers

    James




  • 3.  RE: Amigopod errors

    Posted Jun 19, 2014 06:57 AM

    OK, a packet capture shows that no RADIUS traffic is coming from the controller for guests creating accounts through a split-tunnel VAP via a RAP. This setup works on other controllers with the same profiles. Interestingly, for other RADIUS packets they have a NAS-IP-Address of the master rather than the Local, which I'm trying to debug.
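
Added example, not part of the thread and not Amigopod's code: a Python check for the conditions discussed above (unknown NAS, bad shared secret, unexpected NAS-IP-Address), applied to the bytes of a captured Access-Request. It selects the shared secret by the packet's source address as RFC 2865 requires, verifies the Message-Authenticator attribute (RFC 3579), and reports NAS-IP-Address separately; the client table, addresses, secret and sample packet are constructed values.

```python
import hmac, ipaddress, os, struct

NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 4, 80

def attributes(packet):
    """Yield (type, value_offset, value) for each attribute of a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                      # code(1) id(1) length(2) authenticator(16)
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def message_authenticator(packet, ma_off, secret):
    """HMAC-MD5 over the packet with the attribute value zeroed (RFC 3579)."""
    zeroed = packet[:ma_off] + bytes(16) + packet[ma_off + 16:]
    return hmac.new(secret, zeroed, "md5").digest()

def inspect_request(packet, src_ip, secrets_by_src):
    """Return (NAS-IP-Address or None, verdict) for a captured Access-Request."""
    nas_ip = ma_off = ma_val = None
    for atype, off, val in attributes(packet):
        if atype == NAS_IP_ADDRESS and len(val) == 4:
            nas_ip = str(ipaddress.IPv4Address(val))
        elif atype == MESSAGE_AUTHENTICATOR and len(val) == 16:
            ma_off, ma_val = off, val
    secret = secrets_by_src.get(src_ip)   # secret is selected by source address
    if secret is None:
        return nas_ip, "unknown NAS"
    if ma_val is None:
        return nas_ip, "no Message-Authenticator to check"
    expected = message_authenticator(packet, ma_off, secret)
    good = hmac.compare_digest(expected, ma_val)
    return nas_ip, "shared secret matches" if good else "bad shared secret"

def build_request(secret, nas_ip):
    """Constructed sample Access-Request (not a real capture)."""
    attrs = bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    ma_off = 20 + len(attrs) + 2
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + os.urandom(16) + attrs
    return pkt[:ma_off] + message_authenticator(pkt, ma_off, secret)

if __name__ == "__main__":
    clients = {"192.0.2.10": b"s3cret"}          # constructed client table
    pkt = build_request(b"s3cret", "192.0.2.1")  # NAS-IP-Address differs from source
    print(inspect_request(pkt, "192.0.2.10", clients))
```

A request that carries no Message-Authenticator (plain PAP, for instance) cannot be checked this way from the capture alone, which is why that case gets its own verdict.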