Troubleshooting Radius Accounting Issues - Brocade Communications Systems RFS6000 System Reference Manual

•
•
Authentication using LDAP fails
Ensure the following have been attempted:
•
•
•
•
VPN Authentication using onboard RADIUS server fails
Ensure the following have been attempted:
•
•
•
Accounting does not work with external RADIUS Accounting server
Ensure that accounting is enabled.
•
•
•

Troubleshooting RADIUS Accounting Issues

Use the following guidelines when configuring RADIUS Accounting
•
•
•
•
•
Brocade Mobility RFS6000 and RFS7000 System Reference Guide
53-1001858-01
Add a AAA client on controller 2 with a VLAN interface IP address which can communicate with
controller 1
Save the current configuration
Is LDAP server reachable?
Have all LDAP attributes been configured properly?
Dbtype must be set to LDAP in AAA configuration
Save the current configuration
Ensure that the VPN user is present in AAA users
This VPN user MUST NOT added to any group.
Save the current configuration
Ensure that the RADIUS Accounting server reachable
Verify that the port number being configured on accounting configuration matches that of
external RADIUS Accounting Server
Verify that the shared secret being configured on accounting configuration matches that of
external RADIUS Accounting Server
The RADIUS Accounting records are supported for clients performing 802.1X EAP based
authentication or using the Hotspot functionality.
The user name present in the accounting records, could be that of the name in the outer
tunnel in authentication methods like: TTLS, PEAP.
If the controller crashes for whatever reason, and there were active EAP clients, then there
would be no corresponding STOP accounting record.
If using the on-board RADIUS Accounting server, one can delete the accounting files, using the
del command in the enable context.
If using the on-board RADIUS Accounting server, the files would be logged under the path:
/flash/log/radius/radacct/
B
Security Issues
555