Dell PowerConnect W Clearpass 100 Software RADIUS Troubleshooting TechNote
Dell PowerConnect W Clearpass 100 Software Manual
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 1
Authorisation and Accounting (AAA) is a core component of the amigopod platform and therefore being able to effectively troubleshoot any that your Access Controller's RADIUS server definitions for both Authentication and Accounting are configured to match the above port settings. If your deployment - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 2
Tech Note - RADIUS Troubleshooting Version 0.9 Basic Diagnostics A basic display of the most recent RADIUS transactions is logged to the screen of the amigopod interface found under RADIUS Services Æ Server Control as shown in the screenshot below. Simple error messages such as unknown NAS & - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 3
Troubleshooting Version 0.9 Diagnostic Tools A great tool for testing basic IP connectivity and RADIUS availability on the amigopod is to download an open source RADIUS test client such as NTRadPing. This tool is available for download RADIUS Services Æ NAS List with the IP Address of your test - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 4
Note - RADIUS Troubleshooting Version 0.9 Detailed Troubleshooting If deeper troubleshooting is required, you can enable a detailed RADIUS debugger session by clicking on the Debug RADIUS Server button shown in the amigopod screenshot below. When debugging RADIUS problems, the #1 problem to watch - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 5
Tech Note - RADIUS Troubleshooting Version 0.9 There are 2 things to note: 1. When using PAP, it is impossible to distinguish between an incorrect shared secret and an incorrect user password. But in 2 out of 3 cases above the problem is the shared secret is wrong, not that the password is wrong. - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 6
Tech Note - RADIUS Troubleshooting Version 0.9 rad_recv: Access-Request packet from host 192.168.2.3:2406, id=2, length=75 User-Name = "[email protected]" User-Password = "password" Calling-Station-Id = "00- - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 7
Tech Note - RADIUS Troubleshooting Version 0.9 Reply-Message = "Guest" Session-Timeout = 795 Correct password - Incorrect shared secret - PAP rad_recv: Access-Request packet from host 192.168.2.3:2442, id=5, length=75 - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 8
Tech Note - RADIUS Troubleshooting Version 0.9 rlm_sql_postgresql: affected rows = rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup WHERE usergroup.Username = 'demo@example. - Dell PowerConnect W Clearpass 100 Software | RADIUS Troubleshooting TechNote - Page 9
Tech Note - RADIUS Troubleshooting Version 0.9 rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): Released sql socket id: 1 rlm_sql (sql): No matching entry in the database for request from user [
Tech Note – RADIUS Troubleshooting
Overview
RADIUS Authentication, Authorisation and Accounting (AAA) is a core component of the
amigopod platform and therefore being able to effectively troubleshoot any authentication
issues between Access Controllers (RADIUS NAS devices) and the amigopod is essential.
By default amigopod is configured to communicate RADIUS traffic on the following ports:
o
Authentication transaction on UDP port 1812
o
Accounting transactions on UDP port 1813
o
RFC 3576 transactions on UDP port 3799
The inbuilt firewall rules that protect the amigopod kernel are automatically provisioned to
allow traffic to flow to and from these ports.
Basic Configuration
When configuring your network environment you must ensure that your Access Controller’s
RADIUS server definitions for both Authentication and Accounting are configured to match
the above port settings. If your deployment demands that this default ports be changed from
1812 and 1813 these can be modified through the amigopod web interface under
RADIUS
Services
Server Configuration
as shown in the screenshot below: