Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 1126 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RADIUS authentication for WiFi suddenly stops working daily

bcw

Hello,

we have a XG125 in HQ and a XG86 in Branch Office (BO). Using latest firmware: SFOS 18.0.5 MR-5-Build586. Both are connected via a S2S SSL VPN (not IPSec). We are using RADIUS for WIFI authentication on all sites. RADIUS Servers are located in the HQ. 

After booting the XG86 in th BO RADIUS authentication for the WIFI is working fine until a point in time, I think it is reconnect of Internet/ VPN in the night and then the XG86 does not reach the RADIUS Server anymore. Then also the authentication test in RADIUS Server configuration tab fails. Rebooting the XG86 solves the problem for the day... After reboot the authentication test is fine again and also the WIFI clients can authenticate via RADIUS. 

How can we get rid of this issue? 

Thank you!



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Request to take below observations when you lose the RADIUS server reachability from XG86.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    Put access_server service in debugging.

    # service access_server:debug -ds nosync

    Run the below command:

    # tail -f /log/access_server.log

    ==> Go to Diagnostics > Packet capture

    Enter BPF string: port <Radius_Authentication_port>

    eg: port 1812

    ==> Test connection to the server and share both session output/snapshot here or in PM.

    ==> Run below command to stop debugging:

    # service access_server:debug -ds nosync

    # service -S | grep access_server

    =======================================================

    Share output of the below command as well.

    ==> Login to SSH > 4. Device Console

    console> show advanced-firewall

Reply
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Request to take below observations when you lose the RADIUS server reachability from XG86.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    Put access_server service in debugging.

    # service access_server:debug -ds nosync

    Run the below command:

    # tail -f /log/access_server.log

    ==> Go to Diagnostics > Packet capture

    Enter BPF string: port <Radius_Authentication_port>

    eg: port 1812

    ==> Test connection to the server and share both session output/snapshot here or in PM.

    ==> Run below command to stop debugging:

    # service access_server:debug -ds nosync

    # service -S | grep access_server

    =======================================================

    Share output of the below command as well.

    ==> Login to SSH > 4. Device Console

    console> show advanced-firewall

Children
  • 0 in reply to FormerMember

    Hello, I can exactly reproduce the error on a second XG210 connecting via SSL VPN to the HQ. After reconnecting to Internet/ VPN, RADIUS and ping from Firewall itself to HQ LAN does not work anymore until reboot. 

    Sounds for me like a bug.