Wednesday, August 29, 2018

How to test your RADIUS configuration on the Cisco 5508 controller without having APs and clients.

How to test your RADIUS configuration on the Cisco 5508 controller without having APs and clients.

Authentication problems are pretty common when configuring the WLAN controller to authenticate users on a WLAN against a RADIUS server.

When configuring the WLAN controller, you have to create the WLAN itself on the controller, and then create the RADIUS Authentication and Accounting configurations as well.  This is where most of the problems lie.  If the RADIUS keys do not match, the users will not be able to get on the WLAN.

Create the WLAN according to your requirements:

   

Create the RADIUS Authentication and Accounting configurations:

 

Go back to the WLAN and add/select the AAA servers you just created:

With the WLAN completely configured to your requirements (meaning, configure the other requirements on the other tabs for the WLAN) it is time to test.  One way would be to use an AP and a client and try to join the WLAN.  However, if you are remote, and configuring the WLANs for future deployments, not being onsite presents a challenge when testing the RADIUS configuration on the WLAN Controller.

This document assumes you are comfortable with command line access into the WLAN Controller. 

We are going to use the “test aaa radius” command to test the scenario mentioned in the paragraph above.  We are going to use a fictitious username and password of “juser” & “mypassword”.  Since we just created the WLAN, we know it is WLAN ID #5, and there is no AP Group, so we will use “default-group”.  We just created the RADIUS server configuration, and its server index is #1.

Here is the syntax of the command:

Test aaa radius username juser password mypassword wlan-id 5 apgroup default-group server-index 1

Next, you have to issue a command, “test aaa show radius” to see if everything is working correctly: (your session will tell you the command to issue, as seen here:

 

Here’s a successful authentication test output:

(Cisco Controller) >test aaa show radius

Radius Test Request

  Wlan-id........................................ 5

  ApGroup Name................................... default-group

  Server Index................................... 1

Radius Test Response

Radius Server         Retry Status

-------------         ----- ------

192.168.100.100            1   Success

Authentication Response:

  Result Code: Success

 

Here’s an unsuccessful authentication test output:

(Cisco Controller) >test aaa show radius

Radius Test Request

  Wlan-id........................................ 5

  ApGroup Name................................... default-group

  Server Index................................... 1

Radius Test Response

Radius Server         Retry Status

-------------         ----- ------

192.168.100.100            1   Success

Authentication Response:

  Result Code: Authentication failed (this is wrong username/password)

 

Here’s an unsuccessful authentication test output because controller cannot reach server:

(Cisco Controller) >test aaa show radius

Radius Test Request

  Wlan-id........................................ 5

  ApGroup Name................................... default-group

  Server Index................................... 1

Radius Test Response

Radius Server         Retry Status

-------------         ----- ------

192.168.100.100            6   No response received from server (this is self-explanatory)

Authentication Response:

  Result Code: No response received from server (this is self-explanatory)

 

Here’s how to test RADIUS Fallback:

Make sure it is configured:

Make sure both authentication servers are listed in the WLAN profile

Then go back to where we were in testing:

(Cisco Controller) >test aaa show radius

Radius Test Request

  Wlan-id........................................ 5

  ApGroup Name................................... default-group

  Server Index................................... 1

Radius Test Response

Radius Server         Retry Status

-------------         ----- ------

192.168.100.100            6   No response received from server

192.168.100.101            1   Success

Authentication Response:

  Result Code: Success

 

 

 

 

 

 

2 comments:

  1. nice
    https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_link_test

    ReplyDelete
  2. ☑️DO YOU WANT TO RECOVER YOUR LOST FUNDS ON BINARY OPTIONS AND BITCOIN INVESTMENTS??? OR YOU NEED A LEGIT HACKING SERVICE ?? TAKE YOUR TIME TO READ🔘

    ☑️ The COMPOSITE CYBER SECURITY SPECIALISTS have received numerous complaints of fraud associated with websites that offers an opportunity to buy or trade binary options and bitcoin investments through Internet-based trading platforms.  Most Of The complaints falls into these Two categories:
    1.🔘 Refusal to credit customers accounts or reimburse funds to customers:
    These complaints typically involve customers who have deposited money into their binary options trading account and who are then encouraged by “brokers” over the telephone to deposit additional funds into the customer account.  When customers later attempt to withdraw their original deposit or the return they have been promised, the trading platforms allegedly cancel customers’ withdrawal requests, refuse to credit their accounts, or ignore their telephone calls and emails.

    2.🔘Manipulation of software to generate losing trades:
    These complaints allege that the Internet-based binary options trading platforms manipulate the trading software to distort binary options prices and payouts in order to ensure that the trade results in a Loss.  For example, when a customer’s trade is “winning,” the countdown to expiration is extended arbitrarily until the trade becomes a loss.

    ☑️ Most people have lost their hard earned money through binary options and bitcoin investments, yet they would go to meet fake recovery Experts unknowingly to help them recover their money and they would end up losing more money in the process. This Is Basically why we (COMPOSITE CYBER SECURITY SPECIALISTS) have come to y’all victim’s rescue. The clue is most of these Binary option brokers have weak Database security, and their vulnerabilities can be exploited easily with the Help of our Special HackTools, Root HackTools And Technical Hacking Strategies because they wouldn’t wanna spend money in the sponsorship of Bug bounty Programs which would have helped protect their Database from Unauthorized access to their Database, So all our specialists do is to hack into the Broker’s Database via SQL Hook injections & DNS Spoofing, Decrypt your Transaction Details, Trace the Routes of your Deposited Funds, Then some Technical Hacking Algorithms & Execution Which we cant explain here would follow then you have your money recovered. 💰 💰 ✔️✔️

    ☑️All our Specialists are well experienced in their various niches with Great Skills, Technical Hacking Strategies And Positive Online Reputations And Recommendations
    They hail from a proven track record and have cracked even the toughest of barriers to intrude and capture all relevant data needed by our Clients.
    We have Digital Forensic Specialists, Certified Ethical Hackers, Software Engineers, Cyber Security Experts, Private investigators and more. Our Goal is to make your digital life secure, safe and hassle free by Linking you Up With these great Professionals such as JACK CABLE, ARNE SWINNEN, SEAN MELIA, DAWID CZAGAN, COSTELLO FRANK And More. These Professionals are Well Reserved Professionals who you can hardly get their audience EXCEPT you reach them through us or any Other Cyber Security Company.
    All You Need to Do is to send us a mail and we’ll Assign any of these specialists to Handle your Job immediately.

    ☑️ Below Is A Full List Of Our Services:
    * FUNDS RECOVERY ON BINARY OPTIONS AND BITCOIN INVESTMENTS
    * WEBSITE HACKING
    * CREDIT CARD MISHAPS
    * PHONE HACKING (giving you Unnoticeable access to everything Happening on the Target’s Phone)
    * CLEARING OF CRIMINAL RECORDS
    * SOCIAL MEDIA ACCOUNTS HACKING


    ☑️ CONTACT:
    ••• Email:
    composite.cybersecurity@protonmail.com

    🔘2020 © composite cybersecurity specialists
    🔘Want faster service? Contact us!
    🔘All Rights Reserved ®️























































































































































































































    ReplyDelete