How to debug Radius with Tcpdump


Understand Radius debugging

Command Line Interface
  • Remote Connect > Console
  • Local Device
    • System > System Control > Device Options > Device Console
Example:
Client address is 10.15.0.1
Server address is 172.21.21.93
WAN interface in the example is Device_ID
  1. Open the Console (either through NetCloud Manager or locally)
  2. Enter the following command to capture packets on the WAN interface on UDP port 1812:
     [administrator@INDIA-AER2200: /]$ tcpdump -i [WAN_INTERFACE] -n port 1812
  • RADIUS uses port 1812 to communicate between the client and the server.
  • There are 3 messages that will be sent and received during a successful negotiation:
    • Access-Request  --> Sent from the Client
    • Access-Challenge --> Sent from the Server
    • Access-Accept --> Sent from the Server
  • Example of Expected Results:
    • [administrator@INDIA-AER2200: /]$ tcpdump -i vpn-460c9d10 -n port 1812                                   
      06:57:17.503672 IP 10.15.0.1.43751 > 172.21.21.93.1812: RADIUS, Access-Request (1), id: 0x14 length: 205                
      06:57:17.560852 IP 172.21.21.93.1812 > 10.15.0.1.43751: RADIUS, Access-Challenge (11), id: 0x14 length: 119             
      06:57:17.836523 IP 172.21.21.93.1812 > 10.15.0.1.58035: RADIUS, Access-Accept (2), id: 0x18 length: 280
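
When reading a capture like the one above, match each server reply to its request by client address, client source port and RADIUS id. The following is an added example, not part of the original article: the function name `correlate` is hypothetical, and the sample input is the three output lines shown above. It reports requests that never got a reply and replies whose request is not in the capture.

```python
import re

# The three lines of expected output shown in this article.
SAMPLE = """\
06:57:17.503672 IP 10.15.0.1.43751 > 172.21.21.93.1812: RADIUS, Access-Request (1), id: 0x14 length: 205
06:57:17.560852 IP 172.21.21.93.1812 > 10.15.0.1.43751: RADIUS, Access-Challenge (11), id: 0x14 length: 119
06:57:17.836523 IP 172.21.21.93.1812 > 10.15.0.1.58035: RADIUS, Access-Accept (2), id: 0x18 length: 280
"""

# Matches one line of "tcpdump -n" output for a RADIUS packet.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"RADIUS, (?P<kind>[\w-]+) \(\d+\), id: (?P<id>0x[0-9a-fA-F]+)"
)

def correlate(text, radius_port=1812):
    """Pair requests and replies by (client IP, client port, RADIUS id)."""
    exchanges, orphans = {}, []   # exchanges: key -> reply type, or None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # prompt lines, non-RADIUS traffic
        rid = int(m["id"], 16)
        if int(m["dport"]) == radius_port:        # client -> server
            exchanges[(m["src"], int(m["sport"]), rid)] = None
        elif int(m["sport"]) == radius_port:      # server -> client
            key = (m["dst"], int(m["dport"]), rid)
            if key in exchanges and exchanges[key] is None:
                exchanges[key] = m["kind"]
            else:
                orphans.append((key, m["kind"]))  # request not in capture
    unanswered = [k for k, v in exchanges.items() if v is None]
    return exchanges, unanswered, orphans

if __name__ == "__main__":
    exchanges, unanswered, orphans = correlate(SAMPLE)
    for key, reply in exchanges.items():
        print("request", key, "->", reply or "NO REPLY")
    for key, kind in orphans:
        print("reply without captured request", key, kind)
```

On the sample lines, the Access-Challenge pairs with the Access-Request (id 0x14, port 43751), while the Access-Accept (id 0x18, port 58035) answers a later Access-Request that is not among the lines shown. A request listed as unanswered means no reply from the server reached the capture interface.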