Troubleshooting Radius Accounting Issues - Brocade Communications Systems RFS6000 System Reference Manual
Provides centralized wireless lan (wlan)
Hide thumbs
Also See for RFS6000:
- Cli reference manual (839 pages) ,
- System reference manual (574 pages)
Table of Contents
Advertisement
Accounting does not work with external RADIUS Accounting server
Ensure that accounting is enabled.
•
•
•
Troubleshooting RADIUS Accounting Issues
Use the following guidelines when configuring RADIUS Accounting
•
•
•
•
•
Rogue AP Detection Troubleshooting
Brocade recommends adhering to the following guidelines when configuring Rogue AP detection:
•
•
•
•
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
Ensure that the RADIUS Accounting server reachable
Verify that the port number being configured on accounting configuration matches that of
external RADIUS Accounting Server
Verify that the shared secret being configured on accounting configuration matches that of
external RADIUS Accounting Server
The RADIUS Accounting records are supported for clients performing 802.1X EAP based
authentication or using the Hotspot functionality.
The user name present in the accounting records, could be that of the name in the outer
tunnel in authentication methods like: TTLS, PEAP.
If the switch crashes for whatever reason, and there were active EAP clients, then there would
be no corresponding STOP accounting record.
If using the on-board RADIUS Accounting server, one can delete the accounting files, using the
del command in the enable context.
If using the on-board RADIUS Accounting server, the files would be logged under the path:
/flash/log/radius/radacct/
Basic configuration required for running Rogue AP detection:
•
Enable any one of the detection mechanism.
•
Enable rogueap detection global flag.
After enabling rogueap and anyone of the detection mechanisms, look in the roguelist
context for detected APs. If no entries are found, do the following:
•
Check the global rogueap flag by doing a show in rogueap context. It should display Rogue
AP status as "enable" and should also the status of the configured detection scheme.
•
Check for the "Brocade AP" flag in rulelist context. If it is set to "enable", then all the
detected APs will be added in approved list context.
•
Check for Rulelist entries in the rulelist context. Verify it does not have an entry with
MAC as "FF:FF:FF:FF:FF:FF" and ESSID as "*"
If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not
send a scan request to an inactive or unavailable radio.
Just enabling detectorscan will not send any detectorscan request to any adopted AP. User
should also configure at least a single radio as a detectorAP. This can be done using the set
detectorap command in rogueap context.
B
537
Advertisement
Table of Contents
Troubleshooting
