Debug Radius Server; Viewing Failed Authentications - Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual

Log entries that are displayed include both successful and unsuccessful authentication attempts, the details
about any authentication or authorization failures, and server configuration messages when the RADIUS
server is started.

Debug RADIUS Server

The AAA Debug option on the RADIUS Server Configuration page enables additional debugging messages
logged during the handling of RADIUS packets. The default setting is "No debugging." This option might be
of use when setting up or troubleshooting advanced authorization methods, and you can refer to the
application log to view the AAA debug messages. However, for performance reasons, this option should be
disabled in a production environment. If you do enable it for troubleshooting, remember to disable it when
you are through.
In debugging mode, the detailed log output from the local RADIUS server is redirected to your browser.
This can greatly assist in troubleshooting the exact cause of an authentication, authorization or accounting
(AAA) problem.
Normally, the RADIUS server runs in the background, processing AAA requests from incoming clients and
generating responses. However, if you are troubleshooting an authentication problem, sometimes it is
convenient to see exactly what is being sent and received by the RADIUS server. This can help track down
configuration problems in NAS clients (such as an incorrect shared secret, or an invalid request attribute),
user roles (wrong reply attributes or values), and other problems.
To view this output, the RADIUS server is stopped and restarted in a diagnostic mode. The output generated
on each request is redirected to your Web browser.
You can resize the log output area by clicking and dragging the border.
When you stop the debugger, the normal background operation of the RADIUS server is resumed. No
further output will be received once the debugger has been stopped.
During the starting and stopping of the server, there may be brief periods of time during which the RADIUS
server is unreachable. RADIUS clients should cope with this outage by retrying their RADIUS requests.
However, on a busy network some traffic may still be lost.
To enter debugging mode:
Go to RADIUS > Server Control > Debug RADIUS Server.

Viewing Failed Authentications

To view a list of recent authentication failures:
Go to RADIUS > Server Control > View Failed Authentications.

The RADIUS Failed Authentications list is displayed.
114 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide