05-12-2010 06:11 AM - edited 07-03-2021 06:47 PM
I have configured RADIUS 4,2:
- Create an internal database, an account
- Create an AAA client, with the same pass as on the Authenticator server
- Authenticate using Radius-Aironet (and try with other RADIUS vendors)
- Submit and Apply
From Authenticator (Ruckus Zone-director 1000)
- Configure the same secret pass with ACS
- IP: ACS, Port: 1812
- Send the user name and pass which were created on the ACS server
From the authenticator, I send a RADIUS access-request with the username & pass I have created on ACS, but ACS doesn't respond with any message, even a failure.
Could you please help me figure out the problem?
Thanks a lot
-Brian.
05-12-2010 08:58 AM
From the failed attempts log it says unknown NAS. This means that the communication between the AP and ACS isn't working correctly. This could be that the AP doesn't have the right shared secret key, the AP isn't defined in Network Devices, or one of the configs. Do you have this device in a Network Group on the ACS server? If so make sure you have the group shared secret key defined on the AP.
05-12-2010 07:31 PM
I have double-checked all the shared secret keys and made sure they were right.
They were also added to the ACS network group as well.
The problem is still happening.
05-16-2010 07:05 PM
Brian,
I would also like you to check following,
Please go to Network Configuration > If we have the Network Device Group option enabled, then go to the network device group---Edit properties---remove the shared secret from there---submit the changes.
And try again. If authentication works, that would mean that we have configured a Network Device Group level key. And an NDG level key overrides the AAA Client level key.
Are we seeing "unknown NAS" with the same NAS IP address as the one we have added on the ACS under network configuration?
Regds,
JK
Do rate helpful posts-
06-07-2010 03:42 AM
Sorry for the late response.
I have changed it as you suggested, but nothing is different.
Do you have any other suggestions?
Thank you
06-07-2010 06:27 PM
Brian,
Unknown NAS shows up when ACS does not have the aaa-client listed with the required protocol, i.e. TACACS or RADIUS. Make sure that the IP we see in the failed logs is there in the NDG or aaa-client.
That should fix it.
Regards,
~JG
Do rate helpful posts
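Added example, not part of the thread and not ACS code: a small Python model of the two causes the replies name, a Network Device Group key overriding the AAA client key and a source IP that is not a listed AAA client, using the RFC 2865 User-Password hiding. The address, group name, keys and function names are constructed for illustration.

```python
import hashlib

def pap_crypt(data, secret, authenticator, decrypt=False):
    """RFC 2865 section 5.2 User-Password hiding: MD5 keystream chained on the hidden blocks."""
    if not decrypt:  # pad the cleartext with NULs to a multiple of 16 octets (at least 16)
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, keystream))
        prev = block if decrypt else xored  # the next keystream depends on the hidden block
        out += xored
    return out.rstrip(b"\x00") if decrypt else out

# Constructed sample configuration (hypothetical address, group name and keys).
AAA_CLIENTS = {"192.0.2.10": {"key": b"client-key", "ndg": "wlan"}}
NDG_KEYS = {"wlan": b"group-key"}  # key set at Network Device Group level

def effective_secret(src_ip, clients, ndg_keys):
    """Secret the server applies to this source IP, or None when the NAS is unknown."""
    client = clients.get(src_ip)
    if client is None:
        return None
    # As described in the thread: an NDG-level key overrides the AAA client's own key.
    return ndg_keys.get(client["ndg"]) or client["key"]

def handle_access_request(src_ip, authenticator, hidden_pw, stored_pw,
                          clients=AAA_CLIENTS, ndg_keys=NDG_KEYS):
    """Simplified server decision for a PAP Access-Request."""
    secret = effective_secret(src_ip, clients, ndg_keys)
    if secret is None:
        # RFC 2865: no shared secret for this client means the request is
        # silently discarded, so the NAS sees a timeout and no Access-Reject.
        return "drop"
    recovered = pap_crypt(hidden_pw, secret, authenticator, decrypt=True)
    # With the wrong secret the password decodes to garbage and cannot match.
    return "accept" if recovered == stored_pw else "reject"

if __name__ == "__main__":
    auth = bytes(range(16))   # fixed Request Authenticator for a repeatable demo; random in practice
    pw = b"sample-pass"       # constructed password
    sent = pap_crypt(pw, b"client-key", auth)  # NAS configured with the AAA client key
    print("NDG key set:    ", handle_access_request("192.0.2.10", auth, sent, pw))
    print("NDG key removed:", handle_access_request("192.0.2.10", auth, sent, pw, ndg_keys={}))
    print("unlisted source:", handle_access_request("192.0.2.99", auth, sent, pw))
```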