Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AAA Server Timeout Response.

This thread has been viewed 10 times

  • 1.  AAA Server Timeout Response.

    Posted Jun 16, 2016 01:14 PM

    Dear Experts,

     

    I have installed the NPS server on a separate machine and it is a part of Domain. DC is also a Certificate Authority. I am getting AAA server timeout response on both Controllers. Please find the below detailed information.

     

    Two controllers operationally fine in Master/Standy mode based on VRRP along with database synchronization and centralized licensing features. Controllers are in layer-2 domain. Controllers and servers are terminated on core switch.

     

    Native VLAN in the whole network = 5

    Master controller VLAN and IP = vlan-5 & 172.17.48.161

    Standby controller VLAN and IP = vlan-5 & 172.17.48.162

    VRRP IP of VLAN-5 = 172.17.48.160

    Gaetway IP on both controllers = 172.17.48.1------->(Core switch VLAN-5 SVI)

     

    NPS Server VLAN = 200

    IP address of the machine on which NPS is insllated = 172.16.0.151

    Radius client = 172.16.0.45  -------------------- > Gateway SVI of vlan 200 

    Shared key = admin@123

     

    Radius configuraiton on controller 

     

    (MC7210) (config) #aaa authentication‐server radius nps
    (MC7210) (RADIUS Server "nps") #host 172.16.0.151
    (MC7210) (RADIUS Server "nps") #enable
    (MC7210) (RADIUS Server "nps") #key admin@123
    (MC7210) (RADIUS Server "nps") #       Nil
    (MC7210) (RADIUS Server "nps") #       Nil

     

    Added this nps server into the server group. I am able to ping NPS ip 172.16.0.151 from controllers CLI/GUI and from any part of the network.

     

    Please correct me If I am wrong and let me know how to resolve """AAA server timeout issue"""



  • 2.  RE: AAA Server Timeout Response.
    Best Answer

    EMPLOYEE
    Posted Jun 16, 2016 01:24 PM

    You should look at the eventviewer on the NPS server to see what ip address it thinks the authentication requests are coming from.

     

    The requests never come from the ip address of the VRRP..



  • 3.  RE: AAA Server Timeout Response.

    Posted Jun 16, 2016 01:54 PM

    Dear Cjoseph 

     

    I will update you tomorrow. And lets suppose if the ip address in the event viewer is x.x.x.x then do I need to set this ip as Radius client ? and any further configuration required ?

     

    I will be gratefull to you for your assistance in this matter.



  • 4.  RE: AAA Server Timeout Response.
    Best Answer

    EMPLOYEE
    Posted Jun 16, 2016 03:24 PM

    The answer is yes.



  • 5.  RE: AAA Server Timeout Response.

    Posted Jun 17, 2016 01:02 AM

    Dear Cjoseph,

     

    An event viewer showing that request is coming from Master controller ip 172.17.48.161. So according to you request would never come from virtual ip so I added two radius clients 172.17.48.161 & 172.17.48.162  in the NPS server.

     

    You are a great man. Thumps up