My RADIUS Auth via local network does not work
I've set up a RADIUS server for an SSID and added the LAN IP in Nebula. But if I am offline, the authentication does not work, because the external IP is used:
AP Log:
2022-11-28 15:33:05 10.10.100.35 0" dst="0.0.0.0:0" msg="User baba (MAC: a2:5d:32:xx:xx:xx) 802.1X auth timeout. (Server: 91.42.xxx.xxx:1812, Timeout: 12s)" note="" user="unknown" devID="d8ece58cdxxx" cat="User"
2022-11-28 15:33:05 10.10.100.35 0" dst="0.0.0.0:0" msg="User baba (MAC: a2:5d:32:xx:xx:xx) 802.1X auth failed on interface wlan-2-8.(Server: 91.42.xxx.xxx:1812)" note="" user="unknown" devID="d8ece58cdxxx" cat="User"
What's wrong?
Best,
baba
All Replies
I had added a DNS entry in the Host field before. I believe it's using the old hostname instead of using the new private IP.
Hi @baba
Ensure the AP status is up to date after applying the new settings; if the security type of the SSID is applied on the AP, the server will use the IP address in the config file.
You can access the AP by SSH and use the command show running-config to check, or enable Zyxel support at Help > Support request > Invite Zyxel support as administrator and save the changes for us to check. Please also provide the Org and Site name.
[Nebula] How to turn on Zyxel Support Access?
Kindly share your topology with us; it will help a lot.
Thank you
Regards,
Bella
Hi @Zyxel_Bella,
The AP status is up to date. And you're right, the settings were not applied. "show running-config" shows that the domain will still be used. What can I do? It's urgent because this affects all wifi clients. Can it be related to this https://community.zyxel.com/en/discussion/15169/nebula-cloud-service-incident-2022-11-28-12-42-utc-0#latest issue?
server-auth 1 host address mydomain.tld port 1812 secret-encrypted base64encodedString=
The new IP is saved in Nebula but not applied to the access points.
Topology: USG Flex 200 with six MWA110AX.
I've activated the Zyxel support access.
Thanks!
The problem is getting bigger. Tonight, without a change, all SSIDs disappeared. After I turned one SSID off and on, it was working again. The running-config still contains an entry "server-auth 1 host address" with the DNS name. The field "server-acct 1 ip address" contains the correct IP. The access points continue to try to contact the DNS name.
Hi @baba
After investigating, we found the result is due to the AP applying the running-config, which includes both the IP address and the domain name, but the domain name overrides the first-applied IP, causing the issue.
What we've confirmed is that NCC pushed the correct info for the AP, but we're still working on tracking the flow on the AP side and on fixing it ASAP.
To help you quickly get the service back to normal, the fastest way is to delete the SSID on Nebula and then create it again with the IP address or, as you mentioned in your message, to add a new one.
Feel free to let me know if you need my help to make any changes to the SSID settings for you, or if you'll arrange to do it yourself.
Thank you
Regards,
Bella
Hi @Zyxel_Bella,
Do you have any ETA for a fix of this problem? Deleting an SSID is not an option for me, because I will lose the order of the SSIDs.
Thanks!
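A check for the condition discussed in this thread, as an added example that is not part of the original posts and is not Zyxel code: it flags RADIUS entries in saved "show running-config" output that still point at a hostname or a non-LAN address, and lists non-LAN servers named in the AP's 802.1X timeout/failure messages. The sample hostname, addresses, secrets and the tail of the server-acct line are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges checked explicitly; ipaddress.is_private also matches other special ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Entry prefixes as quoted in the thread; everything after the address is ignored.
ENTRY = re.compile(r"^\s*(server-(?:auth|acct))\s+(\d+)\s+(?:host|ip)\s+address\s+(\S+)")
# Server field of the AP's 802.1X timeout/failure messages (IPv4 only).
LOG_SERVER = re.compile(r"802\.1X auth (?:timeout|failed).*?\(Server: (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

def classify(target):
    """Return 'lan-ip', 'non-lan-ip' or 'hostname' for a RADIUS server target."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return "hostname"  # needs DNS, so name resolution decides where requests go
    return "lan-ip" if any(addr in net for net in RFC1918) else "non-lan-ip"

def audit_running_config(text):
    """List (entry, index, target, kind) for RADIUS entries not pinned to a LAN IP."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and (kind := classify(m.group(3))) != "lan-ip":
            findings.append((m.group(1), int(m.group(2)), m.group(3), kind))
    return findings

def audit_ap_log(text):
    """List distinct (ip, port) RADIUS servers outside the LAN that the AP tried to reach."""
    seen = {(ip, int(port)) for ip, port in LOG_SERVER.findall(text) if classify(ip) != "lan-ip"}
    return sorted(seen)

# Constructed samples: hostname, addresses and secrets are placeholders, and the
# tail of the server-acct line is an assumed form (the thread quotes only its prefix).
SAMPLE_CONFIG = """\
server-auth 1 host address radius.example.test port 1812 secret-encrypted PLACEHOLDER=
server-acct 1 ip address 10.10.100.2 port 1813 secret-encrypted PLACEHOLDER=
"""
SAMPLE_LOG = (
    'msg="User alice (MAC: 02:00:00:00:00:01) 802.1X auth timeout. (Server: 198.51.100.7:1812, Timeout: 12s)"\n'
    'msg="User alice (MAC: 02:00:00:00:00:01) 802.1X auth failed on interface wlan-2-8.(Server: 198.51.100.7:1812)"\n'
)

if __name__ == "__main__":
    for finding in audit_running_config(SAMPLE_CONFIG):
        print("config:", finding)
    for server in audit_ap_log(SAMPLE_LOG):
        print("log:", server)
```

Running it against config and syslog collected from every AP on a site shows which units still carry the stale hostname entry after a change in Nebula.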