How do I configure the local radius?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
  • (Edited)
Someone know how can I configure the local radius server???
Photo of Diego Armando Romero Monsalve

Diego Armando Romero Monsalve

  • 28 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
To debug any issues with the integrated FreeRADIUS server in each access point you will need the following CLI commands:

1. If the AP cannot join the domain use the command:

exec aaa net-join primary username password

2. If the AP has joined the domain but users are not authenticating:

exec aaa ntlm-auth username password

3. If the AP has joined the domain and some users work the following debug commands may help:

* _debug radiusd comm
* _debug radiusd excessive
* _debug radiusd verbose

If the above commands do not work try:

* _debug auth all

To see the traffic to and from an access point use the remote sniffer functionality in the access point:

1. SSH to the HiveAP (via an SSH client or via the HM/HMOL integrated SSH client) and log in.

2. Enter the command exec capture remote-sniffer to enable remote sniffing

3. Additionally, you may enter the following optional commands:

* exec capture remote-sniffer user username password (if you require un/pw authentication)

* exec capture remote-sniffer host-allowed X.X.X.X (if you require that only a specific IP host perform sniffing)

* exec capture remote-sniffer local-port port-number (if you require a different port number for sniffing)

* exec capture remote-sniffer promiscuous (if you require that the HiveAP capture all traffic that it can hear instead of only the traffic destined to/through the HiveAP itself).

4. When you have completed your sniffing, you should enter the command no exec capture remote-sniffer to disable remote sniffing.
Photo of Diego Armando Romero Monsalve

Diego Armando Romero Monsalve

  • 28 Posts
  • 0 Reply Likes
thank you both!

Mike, in the link tha you send me, don ́t I found how to configuration the local radius server that is that i need.

Some other help for this procedure??

I need your help??
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Have you configured a 802.1X wireless network before?
Photo of Robert Hudson

Robert Hudson

  • 4 Posts
  • 2 Reply Likes
Do you meant the RADIUS server on the AP?

If so, you need to create a RADIUS user group, and then add users to that group.

Next, in the AP properties, you need to add the RADIUS group you created to the local RADIUS database. You'll also need to define RADIUS clients (you define them as network objects).

We use RADIUS for authenticating our guest Internet access (nothing fancy, just a password that rolls over periodically), and it works well for us.

I hope that's helpful.
Photo of Diego Armando Romero Monsalve

Diego Armando Romero Monsalve

  • 28 Posts
  • 0 Reply Likes
Hi,

Crowdie:
I have not configured 802.1x, is my firt time.

Robert Hudson:

I created the user ́s and user group, but i dont know how configure the radius server in the AP locally, because i dont have external radius server and i want configure this for guest users like you
Photo of Robert Hudson

Robert Hudson

  • 4 Posts
  • 2 Reply Likes
On the monitor page, select the checkbox for AP you want to host the RADIUS database, and click the "modify" button. On the AP properties page, there is a "Services" section - under that is where you add the RADIUS database.
Photo of Diego Armando Romero Monsalve

Diego Armando Romero Monsalve

  • 28 Posts
  • 0 Reply Likes
what parameters i should give for this local server on hivemanager?? because I configure this but don ́t work.. could you help me!!
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Diego,

Are you looking to use local RADIUS users or an external authentication server, such as Active Directory?

If you are looking to use an external authentication server which EAP type are you wanting to use? If you are use looking to authenticate users against Active Directory I would suggest that PEAP MSCHAPv2 is probably a good place to start.
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
Diego,

Seeing as since you have never configured an 802.1X network or RADIUS server before, perhaps it might be simpler and easier on your part if you contacted Support. I am not sure where you are located and whether you are entitled to direct support or will go through a partner, but appears like that will be the best route to take. Problems such as this one can be rather complex to troubleshoot and might be more convenient for you to be able to get on the phone with someone who can walk you through this issue.

Of course, you can certainly continue to use the resources available on this community, good luck regardless.