Extreme Networks

prashan · ‎10-22-2018

I tried to remove external radius server object from HM. But when i try to remove the object, it will give following error . "The External RADIUS Server cannot be removed because it is used by another object (RADIUS Client Object Entry). Please disassociate references from other configuration items before removing the item."

I don't find any RADIUS Client Object Entry in HM

Can any expert help me out here

samantha_lynn · ‎10-24-2018

If all of your APs are showing a green check mark next to the host name on the Monitor page, then you'll just want to click on that green check mark, which will open the audit view. You'll want to go to the Complete tab in the audit view, and check the output shown there to see what Radius object it has in use. We'll only need this from one AP per network policy you have deployed, again as long as all APs are fully updated currently. If they are not fully updated, we'll want to push a complete configuration, and then try to delete the Radius object again. If you're unable to push a complete configuration, we'd have to SSH in to each AP and run the commands "console page 0" and "show run", and then check that output for the Radius server in use.

View solution in original post

AnonymousM · ‎02-07-2019

Hi all,

I’ve solved it by reinstalling a brand new HiveManager (on-premises).
Though this is not ideally for must of you, the existence of a non-removable object annoyed me too much.

Met vriendelijke groet,

Jeroen Bakker
Senior Technical Consultant & Security Officer

Overschieseweg 323 | Schiedam
Algemeen: 010 - 591 10 21
Direct: 088 - 676 37 57
j.bakker@ormer.nl | www.ormer.nl

* Afwezig op dinsdag

wies_hays · ‎02-07-2019

Nicholas described the solution to get around this!

The core of this is, that web user interface lets you edit "External RADIUS Servers"(Configure/Common Objects/Aujtentication), but not "RADIUS Server groups".

"RADIUS Server groups" is what you actually apply to the Authentication Settings of an SSID with Enterprise Authentication.

AFAIK this is the only place where you can configure "RADIUS Server Groups", though the interface is titled "Configure RADIUS Servers" (IMHO this should be changes to something like "Configure RADIUS server group").

Here are the steps how to reproduce that problem (applies to 12.8.2.2-NGVASEP18 ... that's on-prmisses, not the cloud version)

Create a few External RADIUS server objects under "Common Objects/AUTHENTICATION".
Create a new policy or use an existing one: Create a new SSID (standard network) in that policy. In "SSID Usage/SSID Authentication" select "Enterprise".
Under "Authentication Settings"/Authenticate via RADIUS Server click on the "+" next to "Default RADIUS Server Group"
Dialogue "Configure RADIUS server group" opens. Enter a name for your RADIUS Server group.
Click on the "select"-icon right of the "ADD"-button.
Select one or more of the Objects you created in step 1. Then click on "SELECT SERVERS".
Back to the previous dialogue click on "SAVE RADIUS".
Back the "Wireles Network" configuration enter a name for the SSID then click on "SAVE".
Click on "NEXT" untill you see the "UPLOAD" button. You don't have to upload!
Now back to CONFIGURE/NETWORK POLICIES and delete the SSID you just created (by clicking on the trash can the pops once the mouse pointer is over the SSID object.). You can also delete the policy if it was just for testing..
Now go to CONFIGURE/COMMON OBJECTS/POLICY/SSIDs. Also delete your SSID there.
Finally go back to CONFIGURE/COMMON OBJECTS/AUTHENTICATION/External RADIUS Servers" and delete the objects you created in step 1.

You will find that objects you did not select for your Group (step 6) can easily be deleted.

Those you did select, cannot be deleted with error: "The External RADIUS Server cannot be removed because it is used by another object (RADIUS Client Object Entry). Please disassociate references from other configuration items before removing the item."

The "Used by" in this table is empty of course.

The only way to delete these objects is as Nicholas described:

Create a new SSID with Enterprise authentication and click on the "select"-icon next to "Default RADIUS Server Group". Here you can see the group you created and are able to delete it.

Once you have done that, you are also able to delete your External RADIUS Server objects.

I hope AeroHive will improve this. IMHO The groups must be editable under COMMON OBJECTS/AUTHENTICATION.

Joscha · ‎01-16-2023

Thanks for the instructions, yet i have still the problem, that i cant delete the Radius Server Group, even if i ,as you described create a new SSID (in Enterprise mode). The error message still remains the same. Is there any way to fix this?

Thanks in advance for your help! 🙂

(I am using the cloud version of Cloud IQ)

nicholas_moore · ‎02-07-2019

Based on the error message given by Prashan, there is a RADIUS Server Group object that is still using the servers you are trying to delete. You would want to go into a RADIUS SSID(or create one) then use the Select icon next to RADIUS Server Groups. From here, you can delete the groups, freeing the RADIUS Server for deletion from Common Objects.

Extreme Networks

How to remove the External Radius Server object from HM ?

How to remove the External Radius Server object from HM ?