Wireless Access


RADIUS requests not sent

  • 1.  RADIUS requests not sent

    Posted Jan 07, 2026 12:36 PM

    We had an issue earlier this week where clients could not connect to our network using 802.1X.  The issue only affected clients on one controller, as the other three controllers had no issue.  Looking at a packet capture, the client would associate with the AP, the AP would request EAP identity, the client would respond, and then the AP would again ask for identity.  This would continue until the connection timed out. 

    Checking on ClearPass, the RADIUS request did not show up in Access Tracker and Event Viewer showed no errors.

    Checking the logs of the controller, there were two repeated logs.
    1. SAPM Client failed: (null) Message Code 62526 Sequence Num is 2
    2. Failed to send the radius request for Station aa:bb:cc:dd:ee:ff 11:22:33:44:55:66

    Upon rebooting the affected controller, the issue was resolved and has not happened again in ~48 hours.  My question is if anyone has experienced anything similar or knows what the cause could be.  I'd like to prevent similar issues from occurring again.



    -------------------------------------------
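One way to catch this condition before users report it, as an added example that is not part of the original thread: scan forwarded controller syslog for the "Failed to send the radius request" message quoted above and flag a controller once several distinct stations hit it within a short window. The timestamp and hostname prefix, the host names `mc-01`/`mc-02`, the threshold and the window are assumptions; only the message text comes from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text is as quoted in the post; the "<timestamp> <host> " prefix is an
# assumed syslog layout and must be adapted to the real collector format.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) .*"
    r"Failed to send the radius request for Station "
    rf"(?P<sta>{MAC}) (?P<bssid>{MAC})",
    re.IGNORECASE,
)

def find_stalled_controllers(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {host: time of first alert} for controllers where at least
    `threshold` distinct stations logged a send failure inside `window`.
    Counting distinct stations keeps one misbehaving client from alerting."""
    recent = defaultdict(deque)  # host -> deque of (timestamp, station MAC)
    alerts = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        q = recent[m["host"]]
        q.append((ts, m["sta"].lower()))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len({sta for _, sta in q}) >= threshold:
            alerts.setdefault(m["host"], ts)
    return alerts

# Constructed sample lines (not taken from a real controller).
_MSG = "Failed to send the radius request for Station {} 11:22:33:44:55:66"
SAMPLE = [
    "2026-01-05T06:00:01 mc-01 " + _MSG.format("aa:bb:cc:dd:ee:01"),
    "2026-01-05T06:00:02 mc-01 SAPM Client failed: (null) Message Code 62526 Sequence Num is 2",
    "2026-01-05T06:00:40 mc-01 " + _MSG.format("aa:bb:cc:dd:ee:02"),
    "2026-01-05T06:01:10 mc-01 " + _MSG.format("aa:bb:cc:dd:ee:01"),
    "2026-01-05T06:02:15 mc-01 " + _MSG.format("aa:bb:cc:dd:ee:03"),
    "2026-01-05T06:03:00 mc-02 " + _MSG.format("aa:bb:cc:dd:ee:09"),
]

if __name__ == "__main__":
    for host, when in find_stalled_controllers(SAMPLE).items():
        print(f"{host}: RADIUS send failures from multiple stations since {when}")
```

Pairing an alert like this with the absence of matching requests in ClearPass Access Tracker separates a controller that never sent the request from a server that rejected it.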


  • 2.  RE: RADIUS requests not sent

    Posted Jan 07, 2026 05:29 PM

    Please provide more info, like: is this a new installation, and what firmware version are you running on this controller?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 05:16 PM

    This is an existing installation.  The controller with the issue is running AOS 8.12.0.5 as is the other controller in the cluster.  There is another cluster for two controllers running 8.10.0.20.  Only one of the controllers in the 8.12.0.5 cluster was experiencing this issue.

    -------------------------------------------



  • 4.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 03:56 AM

    I've seen such behavior when DNS is (temporarily) failing and the RADIUS server is addressed by name.

    And if the RADIUS server is temporarily unreachable, the RADIUS server may be marked 'down' by the controller and not tried for a while. A reload of the controller resets the down status, but it's still strange that the controller got in that state.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 05:17 PM

    We did have a DNS change scheduled for the same morning, but this issue started occurring ~2 hours before any changes had been made.  

    -------------------------------------------



  • 6.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 02:12 PM

    Do you have more than one ClearPass appliance to target?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 05:19 PM

    We have two ClearPass servers in a cluster. 

    -------------------------------------------



  • 8.  RE: RADIUS requests not sent

    Posted Jan 08, 2026 05:26 PM

    So are you using a VIP for the two ClearPass auth servers? And is that being referenced in the controllers? Or are you referencing them individually?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 9.  RE: RADIUS requests not sent

    Posted Jan 12, 2026 05:59 PM

    I think both.  We have hostnames set up for the VIP and each ClearPass server individually.  The controller is set up with all three in an Auth server group.

    -------------------------------------------



  • 10.  RE: RADIUS requests not sent

    Posted Jan 12, 2026 06:09 PM

    Just use the individual appliance addresses.  VIP should really be used for captive portal (or other HTTP/HTTPS workflow) purposes and not much else.  An argument could be made for creating a VIP for each individual appliance, that way adding/removing/reloading nodes can be accomplished easier, but then you're still using an address that is tied directly to the appliance on the NAD.

    Targeting only the VIP when there is a single VIP for a two-node cluster will just overload a single appliance; a server group consisting of the appliances and the VIP is also going to create an unbalanced load.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------