Troubleshooting Radius Accounting Issues; Rogue Ap Detection Troubleshooting - Motorola RFS7000 Series Troubleshooting Manual

6-4 Security Issues
Accounting does not work with external RADIUS Accounting server
Ensure that accounting is enabled.
• Ensure that the RADIUS Accounting server reachable
• Verify that the port number being configured on accounting configuration matches that of external
RADIUS Accounting Server
• Verify that the shared secret being configured on accounting configuration matches that of external
RADIUS Accounting Server

6.2.1 Troubleshooting RADIUS Accounting Issues

Use the following guidelines when configuring RADIUS Accounting
1. The RADIUS Accounting records are supported for clients performing 802.1X EAP based authentication
or using the Hotspot functionality.
2. The user name present in the accounting records, could be that of the name in the outer tunnel in
authentication methods like: TTLS, PEAP.
3. If the switch crashes for whatever reason, and there were active EAP clients, then there would be no
corresponding STOP accounting record.
4. If using the on-board RADIUS Accounting server, one can delete the accounting files, using the del
command in the enable context.
5. If using the on-board RADIUS Accounting server, the files would be logged under the path:
/flash/log/radius/radacct/

6.3 Rogue AP Detection Troubleshooting

Motorola recommends adhereing to the following guidelines when configuring Rogue AP detection:
1. Basic configuration required for running Rogue AP detection:
• Enable any one of the detection mechanism.
• Enable rogueap detection global flag.
2. After enabling rogueap and anyone of the detection mechanisms, look in the roguelist context for
detected APs. If no entries are found, do the following:
• Check the global rogueap flag by doing a show in rogueap context. It should display Rogue AP status
as "enable" and should also the status of the configured detection scheme.
• Check for the "Motorola AP" flag in rulelist context. If it is set to "enable", then all the detected APs
will be added in approved list context.
• Check for Rulelist entries in the rulelist context. Verify it does not have an entry with MAC as
"FF:FF:FF:FF:FF:FF" and ESSID as "*"
3. If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a scan
request to an inactive or unavailable radio.
4. Just enabling detectorscan will not send any detectorscan request to any adopted AP. User should also
configure at least a single radio as a detectorAP. This can be done using the set detectorap command in
rogueap context.