Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.
Analysis
A communication failure exists between the NAS and the RADIUS server.
The username is not in the format of userid@isp-name or the ISP domain for the user authentication is not correctly configured on the NAS.
The user is not configured on the RADIUS server.
The password entered by the user is incorrect.
The RADIUS server and the NAS are configured with different shared key.
Solution
Check that:
The NAS and the RADIUS server can ping each other.
The username is in the userid@isp-name format and the ISP domain for the user authentication is correctly configured on the NAS.
The user is configured on the RADIUS server.
The correct password is entered.
The same shared key is configured on both the RADIUS server and the NAS.
Symptom 2
RADIUS packets cannot reach the RADIUS server.
Analysis
The NAS and the RADIUS server cannot communicate with each other.
The NAS is not configured with the IP address of the RADIUS server.
The UDP ports for authentication/authorization and accounting are not correct.
The port numbers of the RADIUS server for authentication, authorization and accounting are being used by other applications.
Solution
Check that:
The communication links between the NAS and the RADIUS server work well at both physical and link layers.
The IP address of the RADIUS server is correctly configured on the NAS.
UDP ports for authentication/authorization/accounting configured on the NAS are the same as those configured on the RADIUS server.
The port numbers of the RADIUS server for authentication, authorization and accounting are available.
Symptom 3
A user is authenticated and authorized, but accounting for the user is not normal.
Analysis
The accounting port number is not correct.
Configuration of the authentication/authorization server and the accounting server are not correct on the NAS. For example, one server is configured on the NAS to provide all the services of authentication/authorization and accounting, but in fact the services are provided by different servers.
Solution
Check that:
The accounting port number is correctly set.
The authentication/authorization server and the accounting server are correctly configured on the NAS.