Troubleshooting Radius Accounting Issues; Rogue Ap Detection Troubleshooting - Motorola WS5100 Series Troubleshooting Manual

3-4 WS5100 Series Switch Troubleshooting Guide
Accounting does not work with external RADIUS Accounting server
Ensure that accounting is enabled.
• Ensure the RADIUS Accounting server is reachable
• Verify the port number being configured on accounting configuration matches that of external the
RADIUS Accounting Server
• Verify the shared secret being configured on accounting configuration matches that of the external
RADIUS Accounting Server

3.2.1 Troubleshooting RADIUS Accounting Issues

Use the following guidelines when configuring RADIUS Accounting:
1. The RADIUS Accounting records are supported only for clients performing 802.1X EAP based
authentication.
2. The user name present in the accounting records, could be that of the name in the outer tunnel in
authentication methods like: TTLS, PEAP.
3. If the switch crashes for whatever reason, and there were active EAP clients, then there would be no
corresponding STOP accounting record.
4. If using the on-board RADIUS Accounting server, one can delete the accounting files, using the 'acct
purge' command in the AAA context.
5. If using the on-board RADIUS Accounting server, the files would be logged under the: /usr/var/log/
radius/radacct/<clientIP>
In this case, the <clientIP> is the SRC IP used to send across the accounting packets in the CellController.
Typically, this depends on the IP of the Radius Accounting Server, and the CC binds to the interface, over
which the UDP packet would go out (based on the routing tables).

3.3 Rogue AP Detection Troubleshooting

Motorola recommends adhereing to the following guidelines when configuring Rogue AP detection:
1. Basic configuration required for running Rogue AP detection:
• Enable any one of the detection mechanism.
• Enable rogueap detection global flag.
2. After enabling rogueap and a detection mechanism, look in the roguelist context for detected APs. If no
entries are found, do the following:
• Check the global rogueap flag by doing a show in rogueap context. It should display Rogue AP status
as "enable" and should also the status of the configured detection scheme.
• Check for the AP flag in rulelist context. If it is set to "enable", then all the detected APs will be
added in approved list context.
• Check for Rulelist entries in the rulelist context. Verify it does not have an entry with MAC as
"FF:FF:FF:FF:FF:FF" and ESSID as "*"
3. If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a scan
request to an inactive or unavailable radio.