About 802.11x + RADIUS configuration

  • 1
  • Question
  • Updated 3 months ago
Currently I have WLANS "RADIUS" with 802.1x , AAA server "RADIUS" and I can connect this with my laptop and mobile device.

Then I want to create new WLANS "OFFICE" with 802.1x and same AAA server.

But I was failure to connect ....

If I changed 802.1x to open, I can connect to "OFFICE".

Thus what's the reason of the connection ?

Thanks
Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes

Posted 3 months ago

  • 1
Photo of Roberto Hernandez Jr

Roberto Hernandez Jr, Employee

  • 19 Posts
  • 7 Reply Likes
Hi Law,

In theory, that should work. However, we would need to know more details to understand what you might be running into. You mentioned that "RADIUS" WLAN works with same AAA server but "OFFICE" does not. Can you try a simple test (assuming this is in the lab), where you delete the "RADIUS" WLAN and try only the "OFFICE"? It would be interesting to see the result. Also, can you let us know the version of ZoneDirector and AP?
Photo of Roberto Hernandez Jr

Roberto Hernandez Jr, Employee

  • 19 Posts
  • 7 Reply Likes
Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes
Hi Roberto,

Just tried failure to connect even using mobile device.

Photo of Roberto Hernandez Jr

Roberto Hernandez Jr, Employee

  • 19 Posts
  • 7 Reply Likes
Have you tried the "Testing Authentication" utility? Also, what model and version of ZoneDirector are you running? Did you try to remove the "RADIUS" WLAN as suggested?

Here is how you can try the "Testing Authentication" utility.

1. On the Configure > AAA Servers page, locate the Test Authentication Settings section.
2. Select the authentication server that you want to use from the Test Against drop-down menu.
3. In User Name and Password, enter an Active Directory, LDAP or RADIUS user name and password.
4. Click Test.

If ZoneDirector was able to connect to the authentication server and retrieve the configured groups/attributes, the information appears at the bottom of the page. The following is an example of the message that will appear when ZoneDirector:

* authenticates successfully with the server:
Success! Groups associated with this user are “{group_name}”. This user will be assigned a role of {role}.

If the test was unsuccessful, there are three possible results (other than success) that will be displayed to inform you if you have entered information incorrectly: • Admin invalid • User name or password invalid • Search filter syntax invalid (LDAP only) 

Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes
Hi Roberto,

Since "RADIUS" is in production, I don't want any impact on it this moment.

For "Test Authentication", should I use "william.law" as user name for testing ?

If yes, even working AAA server also failure.

Only succeed on "Active Directory"



(Edited)
Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes
Hi Roberto,

How to assign different users to different groups ?

Otherwise, if using AAA server, I have to assign user to Roles ?

Thanks

(Edited)
Photo of Roberto Hernandez Jr

Roberto Hernandez Jr, Employee

  • 19 Posts
  • 7 Reply Likes
Based on the message you provided, it seems to be a problem between zonedirector and radius server. What Radius server are you using? Can you look at the logs of the Radius server and see what is telling you. A couple of things I can think are. "Shared secret" not matching. The incorrect IP address defined in the Radius configuration (on the radius server side). Invalid userna/password. To know all of this, we would need to know what radius server you are using.
Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes

Hi Roberto,

Finally, my laptop PC available to connect after I added to "Default" role.

I would like to know if I want this SSID to connect with "Operator" role, how to control it under WLAN ?

Thanks


Photo of Roberto Hernandez Jr

Roberto Hernandez Jr, Employee

  • 19 Posts
  • 7 Reply Likes
HI Law,

The instructions can be found on the manual page 210. Here is the link.

https://ruckus-support.s3.amazonaws.com/private/documents/223/ZoneDirector_9.5_User_Guide_-_Rev_C_-_...

Regards,
 _Roberto H


Photo of Law William

Law William

  • 7 Posts
  • 0 Reply Likes
Hi Roberto,


It's couldn't been download.