Extreme Networks AP Caches Radius Clients

FranzNeubauer
New Contributor

Hello Community,

 

We have a problem: our Extreme AP410C access points (managed by Extreme Cloud IQ) cache the authenticated RADIUS clients.

Our Test LAB:

Cisco ISE as RADIUS server, SSID with WPA2 Personal PSK and MAC authentication (Cisco ISE as external RADIUS server).

The problem is that the AP queries the Cisco ISE only on the first authentication. Then I moved the client to a "Black List" and reauthenticated the client in the WLAN. The next authentication attempt doesn't get to the Cisco ISE (no logging in our FortiGate FortiAnalyzer and no request in the RADIUS logging in the Cisco ISE), but the wireless client gets entry to the wireless network.

Conclusion:

There might be a cache function configured locally on the AP, or cloud-based in XIQ, so that the RADIUS requests are answered locally and not sent to the RADIUS server itself.

 

I already had a look via SSH on the AP410C:

"show auth"

Output:

"Local-cache-timeout=86400" => 24h

 

But I can't find a setting to change this time range...

 

Is there anybody out there who might have the same problem or a solution to this? 🙂

 

Thank you and best regards

4 REPLIES

Andre_Jordaan
New Contributor II

Hi There,

I'm no expert, but have a look at:

security-object <your ssid> security roaming cache update-interval 10 ageout 600 

and / or

ssid <your ssid> client-age-out 15

Good luck!

 

Hello Andre,

 

I don't have either of the two in my running config. Is that a good or a bad point :-)?

 

Thank you!

My guess is that it's using defaults then.

I set these using EIQ Cloud and looked at the config to find these, and it's also the AP410C. Not sure if you are using EIQ Cloud...

Where do you set these in XIQ? Ah, found it https://extremeportal.force.com/ExtrArticleDetail?an=000104782
