There is no configuration on the device for the specified RADIUS server

  • 2
  • Question
  • Updated 4 years ago
Hi,

I'm setting up a new Hive Manager (on premise) and doing a radius test and get the above message on two of the APs.  If I ssh onto them and do a 'show run', it shows the servers in the config, so this error is a bit misleading.

Any idea what this could be?  I have applied a full config, rebooted etc, but get the same result.
Photo of wombat

wombat

  • 62 Posts
  • 3 Reply Likes

Posted 4 years ago

  • 2
Photo of Eastman Rivai

Eastman Rivai, Official Rep

  • 146 Posts
  • 17 Reply Likes
Can you try to do the test from CLI

exec aaa radius_test <<ip address of the Radius>> username <<username>> password <<password>>

Did it work when you tried to authenticate a wireless client?

Do you mind to share the output of show running config | in radius-server?

Thank you
Photo of wombat

wombat

  • 62 Posts
  • 3 Reply Likes
tried that and it didn't work.  I am yet to try with a wireless client though, which should happen in a couple of days.

We have 4 radius servers configured.  Two of the work with the radius test, and the other two don't.  At one stage we made a change and applied a full config update, then it did work.  Did something else and rebooted and now it doesn't.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The RADIUS test is not a representative test of an 802.1X client as it doesn't use a TLS-based EAP type or a Service-Type of Framed etc.
(Edited)
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
...that seems like something that should be fixed or at least specifiable, no?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Ideally you would be able to specify these when testing.

There is a somewhat similar issue with the CWP where naked PAP, CHAP or CHAPv2 is used.
Photo of Eastman Rivai

Eastman Rivai, Official Rep

  • 146 Posts
  • 17 Reply Likes
Can you please share your running config with us?

Thank you,
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
I would check the settings on your RADIUS servers.  I've seen this when the RADIUS server does not have the AP configured as a RADIUS client.  I've also seen it when the authentication method is not set appropriately on the RADIUS server.

We use NPS on Windows Server 2008 R2 for RADIUS.  And for the RADIUS test to be successful, the AP must be configured in the RADIUS Clients.  And in the Connection Request Policies, the connection policy for the APs must have MS-CHAP-V2 enabled as one of the Authentication Methods.
Photo of wombat

wombat

  • 62 Posts
  • 3 Reply Likes
The NPS server was fine.  It is an existing server, not a new one.  The APs have been added as NAS clients.

I tried with a wireless client authenticating against those servers, and that works.  I went back to try the 'radius server access test' again, and it shows me the same error that there is no configuration on the device for that radius server.

As it stands, not an altogether useful test.
Photo of wombat

wombat

  • 62 Posts
  • 3 Reply Likes
I managed to stumble upon the reason why this was happening.  I had set the radios to not broadcast the ssids, since this was a testing environment.

When the ssids were being broadcast from the AP, then the radius tests all worked fine.