NXC2500 switching between primary and secondary radius server doesn't work
Hello,
As described in the topic. I have configured SSID on NXC2500 with External Radius Server type (primary and secondary). The configuration has been provisioned to all my UAP. I can connect to WiFi with AD credentials, but when I turn off the primary radius server, I can't connect to WiFi. What's more, I don't see any attempts of authentication from UAP in the secondary radius server.
When I set up secondary as primary then the situation is the same, I can connect when the primary server is turned on.
As described in the topic. I have configured SSID on NXC2500 with External Radius Server type (primary and secondary). The configuration has been provisioned to all my UAP. I can connect to WiFi with AD credentials, but when I turn off the primary radius server, I can't connect to WiFi. What's more, I don't see any attempts of authentication from UAP in the secondary radius server.
When I set up secondary as primary then the situation is the same, I can connect when the primary server is turned on.
0
All Replies
-
Hi @Wojtas,
I used my NXC to do the test and set the radius server like below screenshot.
When the first server is not able to connected by the station, the station can do the authentication with the backup server and connect WiFi.
For checking more detail of your issue, please help to collect diagnostics in MAINTENANCE> Diagnostics> Diagnostics, and capture the packets of the NXC uplink interface when you are doing the authentication. You may capture the packets in MAINTENANCE> Diagnostics> Packet capture like below screenshot.
After collecting related information, please PM me the files.
Thanks.0 -
Hi @Zyxel_Freda
Maybe I have been a little bit not precisius. I have configured external RADIUS server for SSID, like this:
0 -
Hi @Wojtas,
Thanks for providing the setting information. After doing a test, we can reproduce the issue you mentioned and start to check details. I'll update for you asap when we get any progress.0 -
0
-
Hi @Wojtas,
After we checked the issue, it's related to the mechanism of connection between the AP and the Radius server, so we'd like to check more detail of the AP models and connected client info. May I know your AP model name?0 -
0
-
Hi @Wojtas,According to the mechanism of the external radius on AP, the AP tries to connect to the primary radius server in 12 seconds, and then the AP tries to connect with the secondary radius server after 12 seconds. However, in our captured packets, the connection between the AP and station was already timeout even the AP did try to connect to the secondary server and marked the primary AP is failed to connect.So, when the station connected to the AP at the 2nd time, the AP connected to the secondary server directly because the primary server is marked as failed to connect, so the station can do authentication successfully in time. That means the station could connect to the secondary server successfully when it connected to the AP at the 2nd time.May I know that did you do the test for once connection or you tried to connect for several times after the connection timeout?If you tried to connect the station to AP for several times but still failed to do authentication with the secondary server, please help to collect below two items to us to check details.1. Please capture the packets on AP in MAINTENANCE> Diagnostics> Packet Capture> Capture on AP when doing the connection.2. Please collect diagnostic of the AP in MAINTENANCE> Diagnostics> Diagnostic> AP.
Zyxel Nebula Support
0 -
I have tried a few times, but I couldn't connect when the first NPS server was turned off. I collected the files, but I can't send them to you by the forum because the file format is not allowed. How can I share it with you?I have one more observation... It looks like my laptop is switching between APs. First it tried to connect to AP-1, next not to AP-1 but to AP-2.In my opinion it shouldn't matter, switching between RADIUS servers should be fast and smoothly. The end user can't trys 10 times to connect if I have two redundant radius servers.0
-
Hi @Wojtas ,
Would you PM me the files that you collected?
If the station connects on the first AP twice, would it pass the authentication at the 2nd time connection?
If it's not available to attached file via message, would you please put it in a cloud server and share a link to download it?0 -
I wil try test it on Monday morning again. I have working people on the WLAN.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight