Installation guide

C.3.2.8 VPN Authentication using onboard RADIUS server fails
Ensure the following have been attempted:
Ensure that the VPN user is present in AAA users.
This VPN user MUST NOT be added to any group.
Save the current configuration
C.3.2.9 Accounting does not work with external RADIUS Accounting server
Ensure that accounting is enabled.
Ensure that the RADIUS Accounting server is reachable.
Verify that the port number in the accounting configuration matches that of the external RADIUS Accounting Server.
Verify that the shared secret in the accounting configuration matches that of the external RADIUS Accounting Server.
C.3.3 Troubleshooting RADIUS Accounting Issues
Use the following guidelines when configuring RADIUS Accounting:
The RADIUS Accounting records are supported for clients performing 802.1X EAP based authentication
or using the Hotspot functionality.
The user name present in the accounting records could be the name used in the outer tunnel in
authentication methods such as TTLS and PEAP.
If the switch crashes for any reason while there are active EAP clients, there will be no
corresponding STOP accounting record for those clients.
If using the on-board RADIUS Accounting server, one can delete the accounting files, using the del
command in the enable context.
If using the on-board RADIUS Accounting server, the files would be logged under the path:
/flash/log/radius/radacct/
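The Python sketch below is an added example, not part of the original guide. It lists sessions that have a Start record but no matching Stop record, which is what remains after a switch crash with active EAP clients. It assumes the accounting files use a FreeRADIUS-style "detail" layout (a timestamp line followed by tab-indented Attribute = value lines, with records separated by blank lines); the guide does not state the file format, and the sample records are constructed.

```python
import re

# Constructed sample records; the "detail" layout is an assumption.
# "anonymous" illustrates an outer-tunnel identity (TTLS/PEAP).
SAMPLE = """\
Mon Mar  3 10:00:01 2008
\tUser-Name = "anonymous"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000A1"

Mon Mar  3 10:05:12 2008
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000A2"

Mon Mar  3 10:20:40 2008
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0000A2"
"""

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_records(text):
    """Yield one dict per blank-line-separated accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if not lines:
            continue
        rec = {"Timestamp": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def open_sessions(text):
    """Return Start records whose Acct-Session-Id never receives a Stop."""
    pending = {}
    for rec in parse_records(text):
        sid, status = rec.get("Acct-Session-Id"), rec.get("Acct-Status-Type")
        if status == "Start" and sid:
            pending[sid] = rec
        elif status == "Stop":
            pending.pop(sid, None)
    return list(pending.values())

if __name__ == "__main__":
    for rec in open_sessions(SAMPLE):
        print(rec["Timestamp"], rec["Acct-Session-Id"], rec.get("User-Name"))
```

Sessions reported here may still be active, so compare the Start timestamps against the time of the crash before treating them as lost STOP records.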
C.4 Rogue AP Detection Troubleshooting
Motorola recommends adhering to the following guidelines when configuring Rogue AP detection:
Basic configuration required for running Rogue AP detection:
Enable any one of the detection mechanisms.
Enable the rogueap detection global flag.
After enabling rogueap and any one of the detection mechanisms, look in the roguelist context for
detected APs. If no entries are found, do the following:
Check the global rogueap flag by running show in the rogueap context. It should display the Rogue AP status
as "enable" and should also display the status of the configured detection scheme.
Check for the "Motorola AP" flag in rulelist context. If it is set to "enable", then all the detected APs
will be added in approved list context.
Check for Rulelist entries in the rulelist context. Verify that it does not have an entry with MAC as
"FF:FF:FF:FF:FF:FF" and ESSID as "*".