ID Manager, no radsec proxy

I deployed a network policy with id manager enabled, but no access-point has the radsec-proxy role. There is no proxy icon and also show idm displays that idm proxy is disabled:

ap-test1#sh idm
IDM client: Enabled Per SSID
IDM Proxy IP: 172.21.76.200
IDM proxy: Disabled
RadSec Certificate state: Valid
RadSec Certificate Issued: 2017-05-06 07:12:26
RadSec Certificate Expires: 2018-05-09 07:12:26

But:

ap-test1#exec aaa idm-test radsec-proxy
The Aerohive device establish a TCP session with the ID Manager auth gateway successfully.


Does anyone have an idea?

Thanks,

Christian

Christian Bösch

Posted 1 year ago

Gary Smith, Official Rep

Hi Christian,

IDM Proxy IP: 172.21.76.200

Can you have a look at the AP with this IP address and then run a "show idm"? (assuming it is not the same AP)

Kind Regards,
Gary Smith

Christian Bösch

Hi Gary,

Thanks, but the AP with this IP address is the one on which I ran the command "sh idm" and pasted the output above.

Kind regards,
Christian
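
The mismatch described in the posts above (the AP's own address is listed as the IDM Proxy IP while the proxy state is Disabled) can be checked mechanically. This is an added example, not part of the original thread and not Aerohive code; the function names, finding labels and the 30-day warning window are assumptions, and the sample is the `show idm` output pasted in the question.

```python
import ipaddress
from datetime import datetime

# Sample input: the `show idm` output quoted in the thread.
SAMPLE = """\
IDM client: Enabled Per SSID
IDM Proxy IP: 172.21.76.200
IDM proxy: Disabled
RadSec Certificate state: Valid
RadSec Certificate Issued: 2017-05-06 07:12:26
RadSec Certificate Expires: 2018-05-09 07:12:26
"""

def parse_show_idm(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def check_idm(text, local_ip, now, warn_days=30):
    """Return findings; local_ip (this AP's address) and now come from the caller."""
    f = parse_show_idm(text)
    findings = []
    proxy_ip = f.get("idm proxy ip")
    proxy_off = f.get("idm proxy", "").lower() == "disabled"
    # The thread's symptom: this AP is named as the proxy but is not acting as one.
    if proxy_ip and proxy_off and \
            ipaddress.ip_address(proxy_ip) == ipaddress.ip_address(local_ip):
        findings.append("proxy-ip-is-self-but-proxy-disabled")
    if f.get("radsec certificate state", "").lower() != "valid":
        findings.append("radsec-cert-not-valid")
    expires = f.get("radsec certificate expires")
    if expires:
        left = (datetime.strptime(expires, "%Y-%m-%d %H:%M:%S") - now).days
        if left < 0:
            findings.append("radsec-cert-expired")
        elif left <= warn_days:
            findings.append("radsec-cert-expires-soon")
    return findings

if __name__ == "__main__":
    # The evaluation date is a constructed value for the demonstration.
    print(check_idm(SAMPLE, "172.21.76.200", datetime(2017, 6, 1)))
```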

Chris B, Official Rep

Hi Christian

Can you test to IDM from the AP with the following;

exec _test tcp-service host 54.171.185.94 port 2083

Thanks

Chris

Christian Bösch

Hi Chris,

Looks good:

ap-test1#exec _test tcp-service host 54.171.185.94 port 2083
Testing TCP connection for host=54.171.185.94, port=2083, timeout=10 seconds
Test successfully.


Thanks,

Christian

Chris B, Official Rep

Yes, that does look good. What version of HiveOS are you running?

Can you try clearing the IDM credentials by selecting the AP in monitor tab, then navigate to utilities, clear IDM credentials. Then push a complete upload to the device.

Chris

Christian Bösch

I have 6.6r2a.
Ok, I cleared IDM credentials and pushed a full config.
Still the same.

Regards,
Christian

Luke Harris

Are you allowing the management network/Hivemanager address access to the IDM cloud service? 

Christian Bösch

Yes, I also registered in HiveManager under Administration/HiveManager Services/Customer ID Retrieval with the ID Manager admin account.

Luke Harris

Hmm, that is quite strange as you can clearly contact the IDM server which is key in electing an IDM proxy.

Chris B, Official Rep

Hi Christian

I would recommend moving away from 6.6r2 HiveOS. We have our golden release branch, which is 6.5r7 currently, and HiveOS 8.0r1 for the newer APs. I don't know of any specific issues with IDM and the version you are running, but if we need to dig further we would need to investigate on a current version of software.

Which APs do you have in your environment? Can you reproduce this behaviour after upgrading to one of the new versions?

Chris

Christian Bösch

I have two APs with the IDM network policy. One AP330 with 6.5r6 and one AP130 with 7.1r1.
Both versions are displayed in the HM as the latest versions. HM is 6.8r7.

Chris B, Official Rep

Hi Christian

Do you use HiveManager online? Can you share the VHM details so I can take a look at the configuration?

Christian Bösch

No, I have HM on premise.