AMIGOPOD PowerConnect W Clearpass 100 Software Tech Note

Radius troubleshooting technote

Tech Note – RADIUS Troubleshooting
Overview
RADIUS Authentication, Authorisation and Accounting (AAA) is a core component of the
amigopod platform and therefore being able to effectively troubleshoot any authentication
issues between Access Controllers (RADIUS NAS devices) and the amigopod is essential.
By default amigopod is configured to communicate RADIUS traffic on the following ports:
  • Authentication transactions on UDP port 1812
  • Accounting transactions on UDP port 1813
  • RFC 3576 transactions on UDP port 3799
The inbuilt firewall rules that protect the amigopod kernel are automatically provisioned to
allow traffic to flow to and from these ports.

Basic Configuration

When configuring your network environment you must ensure that your Access Controller's
RADIUS server definitions for both Authentication and Accounting are configured to match
the above port settings. If your deployment demands that these default ports be changed from
1812 and 1813, they can be modified through the amigopod web interface under RADIUS
Services > Server Configuration, as shown in the screenshot below.

Summary of Contents for AMIGOPOD PowerConnect W Clearpass 100 Software

  • Page 1: Basic Configuration

  • Page 2: Basic Diagnostics

    Tech Note – RADIUS Troubleshooting, Version 0.9. A basic display of the most recent RADIUS transactions is logged to the screen of the amigopod interface found under RADIUS Services > Server Control, as shown in the screenshot below. Simple error messages such as unknown NAS and incorrect passwords can be quickly gleaned from this screen.
  • Page 3: Diagnostic Tools

    A useful way to test basic IP connectivity and RADIUS availability on the amigopod is to download an open source RADIUS test client such as NTRadPing. This tool is available for download from Novell at the following URL: http://www.novell.com/coolsolutions/tools/14377.html. The NTRadPing tool allows you to define a RADIUS destination IP Address, port number...
  • Page 4: Detailed Troubleshooting

    If deeper troubleshooting is required, you can enable a detailed RADIUS debugger session by clicking on the Debug RADIUS Server button shown in the amigopod screenshot below. When debugging RADIUS problems, the #1 problem to watch out for is incorrect shared secrets.
  • Page 5

    There are 2 things to note:

    1. When using PAP, it is impossible to distinguish between an incorrect shared secret and an incorrect user password. But in 2 out of 3 cases above, the problem is that the shared secret is wrong, not that the password is wrong.
  • Page 6

    rad_recv: Access-Request packet from host 192.168.2.3:2406, id=2, length=75
        User-Name = "[email protected]"
        User-Password = "password"
        Calling-Station-Id = "00-17-31-57-d8-78"
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username='[email protected]' ORDER BY id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =...
  • Page 7

        Reply-Message = "Guest"
        Session-Timeout = 795
    ////////////////////////////////////////////////////////////////////////////
    // Correct password - Incorrect shared secret - PAP
    rad_recv: Access-Request packet from host 192.168.2.3:2442, id=5, length=75
        User-Name = "[email protected]"
        User-Password = "\365\336\267\236\253\243F= Jt\251\317\272`R"
        Calling-Station-Id = "00-17-31-57-d8-78"
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username='[email protected]' ORDER BY id...
  • Page 8

    rlm_sql_postgresql: affected rows =
    rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op FROM radgroupcheck, usergroup WHERE usergroup.Username = '[email protected]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =
    rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username='[email protected]' ORDER BY id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =...
  • Page 9

    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =
    rlm_sql (sql): Released sql socket id: 1
    rlm_sql (sql): No matching entry in the database for request from user [[email protected]]
    Login incorrect: [[email protected]] (from client hydra port 0 cli 00-17-31-57-d8-78)
    Sending Access-Reject of id 10 to 192.168.2.3 port 2570
    ...
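
The garbled User-Password in the "Correct password - Incorrect shared secret - PAP" excerpt follows from how PAP hides the password (RFC 2865, section 5.2): the NAS XORs it with an MD5 keystream derived from the shared secret, and the server undoes this with its own copy. The sketch below is an added example, not code from the tech note or from amigopod; the secrets, the Request Authenticator and the printable-bytes heuristic are constructed for illustration.

```python
import hashlib


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password the way a NAS does (RFC 2865, section 5.2)."""
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the password as the RADIUS server does, using its own secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")


def secret_mismatch_likely(decoded: bytes) -> bool:
    """Constructed heuristic: non-printable bytes in the decoded password
    point to a shared-secret mismatch rather than a mistyped password."""
    return any(b < 0x20 or b > 0x7E for b in decoded)


# Constructed sample values (not taken from the tech note).
AUTHENTICATOR = bytes(range(16))      # Request Authenticator of the Access-Request
NAS_SECRET = b"nas-side-secret"       # secret configured on the Access Controller
SERVER_SECRET_OK = b"nas-side-secret"
SERVER_SECRET_BAD = b"server-side-typo"

if __name__ == "__main__":
    hidden = pap_hide(b"password", NAS_SECRET, AUTHENTICATOR)
    for label, secret in (("matching", SERVER_SECRET_OK),
                          ("mismatched", SERVER_SECRET_BAD)):
        decoded = pap_reveal(hidden, secret, AUTHENTICATOR)
        print(label, repr(decoded), secret_mismatch_likely(decoded))
```

The heuristic is only a hint when reading debug output: the server rejects both cases identically, and a password that legitimately contains non-ASCII characters would also trigger it.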
