Wireless Access

We have a customer with laptops running 802.1x to NPS via a 3600 controller.

They cant get on to the system and when i run the show auth-trace-buf command i am getting a radius server "out-of-service"

message as though the NPS box has been placed into a "dead server" list.

I know the NPS box is working.

Pete

 

#3600

What verson of ArubaOS?  How many radius servers are in the server group?  Are there any messages on the NPS server?

 

 

hello

no message on the NPS box but we know it's working ok.

 

Try forcing it in service with the aaa inservice command

Are there any other devices using this NPS server? Are those working correctly?

Can you run a AAA test from the diagnostics page and see if you get an accept, reject or timeout?

 

We have tested the NPS box from another NAS and is working ok.

The message we are getting is a server timeout message.

Any ideas?

 

Can you Ping the server ?

What ports did you define for authentication ?

is there is any firewall between the controller and RADIUS server !

Big Thank you to everyone who replied.

We found the issue in the end.

What had happened there was an RF rogue client who had statically configured the IP address of the NPS box!!!

All radius requests were going to this client.

As a result the lack of response meant the controller was put into a "dead server" group.

When we tracked down the client all was well.

Chap called Manish from Aruba TAC was excellent in helping out.

CHEERS

Pete

 

 

 

quick question as a result of what happened.

Is there a way of enforcing DHCP on an SSID so that nobody with a static IP address can get in?

cheers

Pete

 

hello everybody,

just found the tick box for enforce dhcp in the AAA profile.

cheers

Pete

 

Good Subject to discuss and we are happy to see your problem Solved :)