The extremely useful aspect of this command is that it shows the attributes which are returned by the radius server. The command can take some time to show the output if a radius server is unreachable and the WLC needs to retry or fallback to a different radius server. In order to view the results of the authentication request, you need to execute the command test aaa show radius. Execute 'test aaa show radius' for response Test radius auth request successfully sent.
#Testing radius server password#
When the command is executed, WLC displays the parameters with which it sends out the access request: (Cisco Controller) >test aaa radius username admin password cisco123 wlan-id 1 apgroup default-group server-index 2
Let's have a look at how the command works and the outputs are seen when the test aaa radius command results in a passed authentication. This can be found under Security > Authentication tab. (optional) -> The server index configured for the radius server that you are trying to test. This will be default-group if there is no AP group configured. > WLAN ID of the SSID that you are testing. (Cisco Controller) > test aaa radius username password wlan-id ap-group server-index -> Username that you are testing. These parameters need to be provided to execute the command: The radius server validates the credentials provided and provides the results of the authentication request. The WLC sends an access request message to the radius server along with the parameters that is mentioned in the test aaa radius command.įor ex: test aaa radius username admin password cisco123 wlan-id 1 apgroup default-group server-index 2 This is a basic workflow when you use the command test aaa radius, as shown in the image. You can now remotely verify if the WLC-Radius server communication fails or if the credentials for the client results in a passed or failed authentication. The test aaa radius command lets you do just that. Up until now there was no easy way to identify if an authentication failure was caused by the radius server which rejects the client, or just simply a reachability issue. In an increasingly critical wireless network, this can cause significant downtime. In order to troubleshoot this, it often requires to get hold of the problematic client, work with the end users who may not have the best knowledge of wireless networks and to collect debugs and captures.
Wireless client authentication issues are one of the most challenging problems that wireless network engineers face.
#Testing radius server software#
This document is not restricted to specific software and hardware versions.
#Testing radius server code#
Prerequisites RequirementsĬisco recommends that you have knowledge of Wireless LAN Controller (WLC) code 8.2 and above. This document describes how the test aaa radius command on the Cisco WLC can be used to identify radius server connectivity and client authentication issues without the use of a wireless client.
0 kommentar(er)
