Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Client authentication via NPS

This thread has been viewed 8 times

  • 1.  Client authentication via NPS

    Posted Jan 03, 2020 04:28 AM

    Hello everybody,

    We have NPS setup for Aruba authentication. We are using IAP 305's (running firmware version 6.5.4.8_65873) with the instant controller, managed by Airwave version 8.2.7.1.

     

    It has been working pretty well until recently when some users have been having problems connecting. I checked Airwave, and I am seeing somewhat high rates of Radius Authentication errors. For example this morning one user had over 200 authentication errors. 

     

    I have a ticket open with Aruba support, and they have been asking me to run some logs which as of this point have not been very helpful. 

     

    I found in the Event Viewer of the NPS the following errors.

     

    Source is NPS, event ID 16, text is as follows: “A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client aruba_mastervc. Valid values of the RADIUS Code field are documented in RFC 2865.”.

     

    Can you help with this error?



  • 2.  RE: Client authentication via NPS

    MVP EXPERT


  • 3.  RE: Client authentication via NPS

    MVP
    Posted Jan 03, 2020 05:47 AM

    Did you check the validity of the Certification on the NPS Server?



  • 4.  RE: Client authentication via NPS

    EMPLOYEE
    Posted Jan 03, 2020 07:06 AM
    @Bantay wrote:

    Hello everybody,

    We have NPS setup for Aruba authentication. We are using IAP 305's (running firmware version 6.5.4.8_65873) with the instant controller, managed by Airwave version 8.2.7.1.

     

    It has been working pretty well until recently when some users have been having problems connecting. I checked Airwave, and I am seeing somewhat high rates of Radius Authentication errors. For example this morning one user had over 200 authentication errors. 

     

    I have a ticket open with Aruba support, and they have been asking me to run some logs which as of this point have not been very helpful. 

     

    I found in the Event Viewer of the NPS the following errors.

     

    Source is NPS, event ID 16, text is as follows: “A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client aruba_mastervc. Valid values of the RADIUS Code field are documented in RFC 2865.”.

     

    Can you help with this error?

    We would need to know much more about your setup to even help.  There is very little to configure on Instant in terms of radius (ip address, radius key and radius port), so that means the variability is in the user's client, NPS and your infrastructure (network) setup.  Please find out if there have been any changes in your NPS configuration (make sure message authenticator is not enabled), or your network setup.  I would urge you to continue to work with TAC and use a utility like NTradiping:  https://www.novell.com/coolsolutions/tools/14377.html to ensure that basic radius functions work at the site with your issue.