External Captive Portal with RADIUS auth

one0fnine
one0fnine Posts: 17
Friend Collector
Hi all!
I'm trying to setup External Captive Portal and authentication by RADIUS. In SSID settings I added 2 RADIUS servers. The servers is available. I've checked their. So next, i see a message in the event log:
<div><div>Failed login attempt to WAC6103D-I from captive portal due to radius request timeout.</div></div>
I couldn't find reasons why nebula can't connect to my radius servers.

Accepted Solution

  • one0fnine
    one0fnine Posts: 17
    Friend Collector
    Answer ✓

    Hi @one0fnine

     

    The log stands for AP doesn’t communicate with radius server successfully.

    You could use Live tools on Nebula Access point > Monitor > specific AP page to do a simple test by ping or traceroute radius server.

    From your screenshot, it said the AP sent packets to radius server but we can’t see if radius server response or not. Can you confirm the packets or logs from radius server side?

    We’d like know no packets at all you mentioned is captured from which point.

    Thank you

     

    Regards,

    Bella



    Hi Bella, thanks for the answer!
    1/ I tested their. Radius servers are available.
    2/ From the screenshot, I tested it from my laptop while connected to the AP (other test SSID). BTW on the screenshot the server responded Access-Accept message. I saw the same in logs too. If it's useful, I can attach a log file

    I tested this case on another AP. It's successful! So I think the AP is glitching.

All Replies

  • Greenlight
    Greenlight Posts: 57  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    From my experience, the request timeout usually means the AP didn't get the response from Server.

    I think you can check your server settings, such as:

    1. Is it added the correct IP address into the trusted client?
    2. Did the network policy is set correctly?
    3. You can further check if the Server receives the request packets from the AP?

    There're several reasons which may cause to this log, wish you good luck in diagnostic this issue!

  • one0fnine
    one0fnine Posts: 17
    Friend Collector
    From my experience, the request timeout usually means the AP didn't get the response from Server.

    I think you can check your server settings, such as:

    1. Is it added the correct IP address into the trusted client?
    2. Did the network policy is set correctly?
    3. You can further check if the Server receives the request packets from the AP?

    There're several reasons which may cause to this log, wish you good luck in diagnostic this issue!

    Thanks for the answer!
    Yea, I agree. I think the same. AP didn't get the response.
    1/ I re-added IP address and added another IP address of RADIUS server. The result is the same
    2/ Do you mean network policy in AP settings or overall? In overall I checked availability of servers. It's correctly.
    3/ Yeah, I checked it too. There is no packets at all.
  • Zyxel_Bella
    Zyxel_Bella Posts: 428  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @one0fnine

     

    The log stands for AP doesn’t communicate with radius server successfully.

    You could use Live tools on Nebula Access point > Monitor > specific AP page to do a simple test by ping or traceroute radius server.

    From your screenshot, it said the AP sent packets to radius server but we can’t see if radius server response or not. Can you confirm the packets or logs from radius server side?

    We’d like know no packets at all you mentioned is captured from which point.

    Thank you

     

    Regards,

    Bella


  • one0fnine
    one0fnine Posts: 17
    Friend Collector
    Answer ✓

    Hi @one0fnine

     

    The log stands for AP doesn’t communicate with radius server successfully.

    You could use Live tools on Nebula Access point > Monitor > specific AP page to do a simple test by ping or traceroute radius server.

    From your screenshot, it said the AP sent packets to radius server but we can’t see if radius server response or not. Can you confirm the packets or logs from radius server side?

    We’d like know no packets at all you mentioned is captured from which point.

    Thank you

     

    Regards,

    Bella



    Hi Bella, thanks for the answer!
    1/ I tested their. Radius servers are available.
    2/ From the screenshot, I tested it from my laptop while connected to the AP (other test SSID). BTW on the screenshot the server responded Access-Accept message. I saw the same in logs too. If it's useful, I can attach a log file

    I tested this case on another AP. It's successful! So I think the AP is glitching.
  • Zyxel_Bella
    Zyxel_Bella Posts: 428  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @one0fnine

     

    Sure. I’ve sent you private message to inquire the log files.

    The AP that you’re having problem is WAC6103D-I, how about the model of another AP and their firmware version?

    If both APs are in same site with no difference settings, we’ll need your help to enable the Zyxel support at Help > Support request > Invite Zyxel support as administrator, and provide the Org and Site name in private message for us to check.

    Thank you

     

    Regards,

    Bella

  • Thanks for the answer!

    The last AP is the same absolutely. I re-added the glitched AP to another organization and... surprise, surprise. It's working. I don't know why it's happened. Maybe because at first time I set RADIUS server address parameter by domain name. Anyway If You wanna investigate it, I will PM org and site names to you

Nebula Tips & Tricks