Troubleshooting RADIUS

Symptom 1

User authentication/authorization always fails.

Analysis

  • A communication failure exists between the NAS and the RADIUS server.

  • The username is not in the userid@isp-name format, or the ISP domain for user authentication is not correctly configured on the NAS.

  • The user is not configured on the RADIUS server.

  • The password entered by the user is incorrect.

  • The RADIUS server and the NAS are configured with different shared keys.

Solution

Check that:

  • The NAS and the RADIUS server can ping each other.

  • The username is in the userid@isp-name format and the ISP domain for user authentication is correctly configured on the NAS.

  • The user is configured on the RADIUS server.

  • The correct password is entered.

  • The same shared key is configured on both the RADIUS server and the NAS.
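
To confirm a shared-key mismatch from a packet capture rather than by comparing configurations by eye, the following added example (not part of the original guide) recomputes the Response Authenticator defined in RFC 2865 and compares it with the one in the server's reply. The keys, the Request Authenticator and the Access-Reject packet are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from any real deployment.
SERVER_KEY = b"key-on-radius-server"
NAS_KEY = b"key-on-nas-typo"
REQUEST_AUTH = bytes(range(16))  # Request Authenticator from the Access-Request


def build_reply(code, ident, request_auth, attrs, secret):
    """Build a reply as a RADIUS server does (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def reply_matches_key(reply, request_auth, secret):
    """True if the reply's Response Authenticator was computed with `secret`."""
    if len(reply) < 20 or len(request_auth) != 16:
        raise ValueError("truncated packet or bad Request Authenticator")
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        raise ValueError("Length field does not match the captured packet")
    attrs = reply[20:length]  # octets beyond Length are padding
    expected = hashlib.md5(reply[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def sample_reply():
    """Constructed Access-Reject (code 3) carrying one Reply-Message (type 18)."""
    text = b"rejected"
    attrs = bytes([18, 2 + len(text)]) + text
    return build_reply(3, 42, REQUEST_AUTH, attrs, SERVER_KEY)


if __name__ == "__main__":
    reply = sample_reply()
    for name, key in (("server key", SERVER_KEY), ("NAS key", NAS_KEY)):
        verdict = "matches" if reply_matches_key(reply, REQUEST_AUTH, key) else "MISMATCH"
        print(f"{name}: {verdict}")
```

With a real capture, take the Request Authenticator from octets 4 to 19 of the Access-Request that has the same Identifier as the reply, and pass the key configured on the NAS as `secret`.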

Symptom 2

RADIUS packets cannot reach the RADIUS server.

Analysis

  • The NAS and the RADIUS server cannot communicate with each other.

  • The NAS is not configured with the IP address of the RADIUS server.

  • The UDP ports for authentication/authorization and accounting are not correct.

  • The port numbers of the RADIUS server for authentication, authorization and accounting are being used by other applications.

Solution

Check that:

  • The communication links between the NAS and the RADIUS server work well at both physical and link layers.

  • The IP address of the RADIUS server is correctly configured on the NAS.

  • UDP ports for authentication/authorization/accounting configured on the NAS are the same as those configured on the RADIUS server.

  • The port numbers of the RADIUS server for authentication, authorization and accounting are available.

Symptom 3

A user is authenticated and authorized, but accounting for the user is not normal.

Analysis

  • The accounting port number is not correct.

  • The authentication/authorization server and the accounting server are not correctly configured on the NAS. For example, one server is configured on the NAS to provide all the services of authentication/authorization and accounting, but in fact the services are provided by different servers.

Solution

Check that:

  • The accounting port number is correctly set.

  • The authentication/authorization server and the accounting server are correctly configured on the NAS.