Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.
Analysis
Possible reasons include:
A communication failure exists between the NAS and the RADIUS server.
The username is not in the format userid@isp-name or the ISP domain is not correctly configured on the NAS.
The user is not configured on the RADIUS server.
The password entered by the user is incorrect.
The RADIUS server and the NAS are configured with different shared keys.
Solution
Check that:
The NAS and the RADIUS server can ping each other.
The username is in the userid@isp-name format and the ISP domain is correctly configured on the NAS.
The user is configured on the RADIUS server.
The correct password is entered.
The same shared key is configured on both the RADIUS server and the NAS.
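The shared-key check above can be confirmed from a packet capture rather than by comparing configurations by eye. The following is an added example, not part of the original document or any vendor tool: it recomputes the Response Authenticator defined in RFC 2865 for a captured reply and reports whether it verifies under the key configured on the NAS. The function names, keys, and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def build_response(code, ident, request_auth, attrs, secret):
    """Build a reply as a server does: MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def response_matches_secret(response, request_auth, secret):
    """True if the reply's Response Authenticator verifies under `secret`."""
    if len(response) < 20 or len(request_auth) != 16:
        raise ValueError("truncated packet or bad Request Authenticator")
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        raise ValueError("Length field does not match the captured data")
    response = response[:length]  # octets past Length are padding
    expected = hashlib.md5(
        response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def diagnose(response, request_auth, nas_secret):
    """Classify a captured reply from the NAS's point of view."""
    ok = response_matches_secret(response, request_auth, nas_secret)
    name = CODES.get(response[0], "code %d" % response[0])
    if not ok:
        return "shared-key mismatch: %s does not verify, NAS will discard it" % name
    return "shared key OK: %s verifies under the NAS key" % name

# Constructed sample data (not from a real capture).
REQUEST_AUTH = bytes(range(16))                  # taken from the Access-Request
REPLY_MESSAGE = b"\x12\x08denied"                # attribute 18, length 8
SERVER_KEY = b"constructed-server-key"
SAMPLE_REJECT = build_response(3, 7, REQUEST_AUTH, REPLY_MESSAGE, SERVER_KEY)

if __name__ == "__main__":
    print(diagnose(SAMPLE_REJECT, REQUEST_AUTH, SERVER_KEY))
    print(diagnose(SAMPLE_REJECT, REQUEST_AUTH, b"constructed-nas-key"))
```

The Request Authenticator is the 16-octet field at offset 4 of the matching Access-Request, paired with the reply by the Identifier octet.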
Symptom 2
RADIUS packets cannot reach the RADIUS server.
Analysis
Possible reasons include:
A communication failure exists between the NAS and the RADIUS server.
The NAS is not configured with the IP address of the RADIUS server.
The authentication/authorization and accounting UDP ports configured on the NAS are incorrect.
The RADIUS server's authentication/authorization and accounting port numbers are being used by other applications.
Solution
Check that:
The link between the NAS and the RADIUS server works well at both the physical and data link layers.
The IP address of the RADIUS server is correctly configured on the NAS.
The authentication/authorization and accounting UDP ports configured on the NAS are the same as those of the RADIUS server.
The RADIUS server's authentication/authorization and accounting port numbers are available.
Symptom 3
A user is authenticated and authorized, but accounting for the user does not work correctly.
Analysis
The accounting server configuration on the NAS is not correct. Possible reasons include:
The accounting port number configured on the NAS is incorrect.
The accounting server IP address configured on the NAS is incorrect. For example, the NAS is configured to use a single server to provide authentication, authorization, and accounting services, but in fact the services are provided by different servers.
Solution
Check that:
The accounting port number is correctly configured.
The accounting server IP address is correctly configured on the NAS.