[Orion 2022 Guide] ArubaOS Initial Setup

Prerequisites

Log in to the Aruba wireless LAN controller

Configure Hotspot 2.0

Define ANQP profiles

ANQP Domain Name Profile

ANQP NAI Realm Profile

ANQP Roaming Consortium Profile

ANQP Venue Name Profile

H2QP WAN Metrics

Configure the Advertisement Profile

Create the Advertisement Profile

Assign ANQP profiles to the Advertisement Profile

Configure the Hotspot 2.0 Profile

Create the Hotspot 2.0 Profile

Assign the Advertisement Profile to the Hotspot 2.0 Profile

Set up a secure RADIUS connection

Configure Authentication Servers

Add RADIUS authentication servers

Aggregate the RADIUS servers into a server group

Configure the 802.1X Authentication Profile

Configure the AAA Profile

Create the AAA Profile

Assign the 802.1X Authentication Profile and Server Group to the AAA Profile

Configure the wireless LAN

Create the SSID Profile

Create and configure the wireless LAN

Configure a virtual access point

Create the Virtual AP Profile

Assign all profiles to the Virtual AP Profile

Troubleshoot the configuration

OUI and EAP settings

RADIUS service

                

Configure Aruba wireless LAN controller

This guide describes how to set up and test your Aruba wireless environment so you can use it with radsecproxy and Orion Wifi. You’ll create a set of configuration profiles that you assign to a virtual access point.  

Prerequisites

You need AOS 6.4x or later. These versions support Hotspot 2.0.

Log in to the Aruba wireless LAN controller

To start the configuration process, log in to the Aruba wireless controller dashboard as admin.  For existing environments with additional users, log in as a user with administrative privileges.

The Aruba Dashboard appears.

        


Note: There are a number of options to set. Only the options that require your input are shown. Default values are used for options that don’t need adjustment.

Configure Hotspot 2.0

Hotspot 2.0 allows mobile devices to join a WiFi network automatically, including during roaming, when the devices enter the Hotspot 2.0 area.

Define ANQP profiles

Access Network Query Protocol (ANQP) provides a range of information, such as IP address type and availability, and roaming partners accessible through a hotspot.

Note: Because the process for defining ANQP profiles is the same for all ANQP profiles, detailed screen captures are shown only for the first ANQP profile definition.

ANQP Domain Name Profile

The ANQP Domain Name Profile identifies the hotspot operator domain name.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.
  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select ANQP Domain Name. On the right side of the page, an area appears where you’ll define the profile.
  5. Click + next to ANQP Domain Name Profile to add the profile. Text boxes appear.
  6. Enter the Profile Name and Domain Name into the text boxes, such as “Orion_DomainProfile” and “my-domain.net”.


  7. Click Submit on the bottom right. This saves and loads the configuration.
  8. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  9. Click Deploy Changes to commit the configuration. The completed profile should look similar to this image.

ANQP NAI Realm Profile

The NAI Realm Profile describes the Network Access Identifier (NAI) values and the method used for authentication. The values you enter here are reflected in the Generic Advertisement Service (GAS) Response frame.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.
  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select ANQP NAI Realm. On the right side of the page, an area appears where you’ll define the profile.
  5. Click + next to ANQP NAI Realm Profile to add the profile. Text boxes appear.
  6. Enter the Profile Name and NAI Realm Name into the text boxes, such as “Orion_Realm_Profile” and “*.orion.area120.com”.
  7. For NAI Realm Encoding, take the default value (uses a UTF-8 formatted character string).
  8. (Optional) Click the checkbox next to NAI Home Realm to specify this as the Home Realm.
  9. Select eap-aka for NAI Realm EAP Method 1. The ANQP NAI Realm Authentication Param 1 information box appears.
  10. Click + at the bottom left of the ANQP NAI Realm Authentication Param 1 box. The Add New dialog box appears.
  11. For ID, select credential-type. For Value, select cred-sim.



  12. Click OK.
  13. Click Submit on the bottom right. This saves and loads the configuration.
  14. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  15. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.



ANQP Roaming Consortium Profile

The Roaming Consortium Profile defines the service provider identity in beacons and probe responses to clients.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.
  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select ANQP Roaming Consortium. On the right side of the page, an area appears where you’ll define the profile.
  5. Click + next to ANQP Roaming Consortium Profile to add the profile. Text boxes appear.
  6. Enter the Profile Name, such as “ANQP_Roaming”.
  7. Enter “f4f5e8f5f4” for the Roaming Consortium OI Value.


  8. Click Submit on the bottom right. This saves and loads the configuration.
  9. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  10. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.


ANQP Venue Name Profile

The ANQP Venue Name Profile defines information elements for venue group and venue type, with a provision for a valid venue URL. The venue name is a unique identifier for each business site. For example, if your business is a coffee shop with 3 locations, each location is a specific site.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.
  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select ANQP Venue Name. On the right side of the page, an area appears where you’ll define the profile.
  5. Click + next to ANQP Venue Name Profile to add the profile. Text boxes appear.
  6. Enter the Profile Name into the text box, such as “Orion_Venue_Profile”.
  7. Select an appropriate Venue Group and Venue Type. (They default to “unspecified”.)
  8. Enter the Venue Name, such as “123 Main St”.




  9. Click Submit on the bottom right. This saves and loads the configuration.
  10. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  11. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.

H2QP WAN Metrics

The H2QP WAN Metrics Profile is a Hotspot 2.0 Query Protocol (H2QP) profile that specifies the hotspot WAN status and link metrics. The values under this category indicate the WAN link capacity, speed, and status.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.
  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select H2QP WAN Metrics. On the right side of the page, an area appears where you’ll define the profile.
  5. Click + next to H2QP WAN Metrics to add the profile. Text boxes appear.
  6. Enter the Profile Name into the text box, such as “Orion_wan_metrics”.
  7. Select the “link_up” option for the H2QP WAN metrics link status. (It defaults to “reserved”.)
  8. Check the box next to H2QP WAN metrics symmetric WAN link if the site has a WAN link with symmetric speed in both the uplink and downlink directions. (Optional)
  9. Note: DO NOT check the option H2QP WAN metrics link at capacity since this indicates that the WAN Link has reached its maximum capacity. If this parameter is enabled, no additional mobile devices will be permitted to associate to the hotspot.
  10. For WAN Metrics uplink speed (0 - 2,147,483,647 Kbps), select a value consistent with the WAN link capacity, for example 10000. This indicates the current WAN backhaul uplink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the uplink speed is unknown or unspecified.
  11. For WAN Metrics downlink speed (0 - 2,147,483,647 Kbps), select a value consistent with the WAN link capacity, for example 10000. This indicates the current WAN backhaul downlink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
  12. For WAN Metrics uplink load (1-100), select a value consistent with the WAN link capacity. This indicates the percentage of the WAN uplink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
  13. For WAN Metrics downlink load (1-100), select a value consistent with the WAN link capacity. This configures the percentage of the WAN downlink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.





  14. Click Submit on the bottom right. This saves and loads the configuration.
  15. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  16. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.

Configure the Advertisement Profile

You assign the ANQP profiles you defined to an Advertisement Profile. The Advertisement Profile collects ANQP profiles into an entity that the Hotspot 2.0 wireless LAN can broadcast (advertise).

Create the Advertisement Profile

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.


  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select Advertisement. On the right side of the page, an area appears where you’ll define the profile.






  5. Click + next to Advertisement Profile to add the profile. Text boxes appear.
  6. Enter the Profile Name, such as “Orion_AdvProfile”.


  7. Click Submit on the bottom right. This saves and loads the configuration.
  8. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  9. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.



Assign ANQP profiles to the Advertisement Profile

Assign (link) the ANQP profiles you defined previously to the Advertisement Profile.

  1. From the Aruba Dashboard, select Configuration > System > Wireless LAN > Advertisement > Orion_AdvProfile > ANQP Domain Name. The ANQP Domain Name Profile information box appears.
  2. Click + at the bottom left of the ANQP Domain Name Profile information box. The Add New dialog box appears.
  3. Select the ANQP Domain Name Profile you defined.



  4. Click OK.
  5. Click Submit on the bottom right. This saves and loads the configuration.
  6. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  7. Click Deploy Changes to commit the configuration.

  8. Repeat the process in steps 1-7 to assign the rest of the ANQP profiles to the Advertisement Profile. You have to submit and deploy changes for each ANQP profile.

    ANQP 3GPP Cellular Network
    ANQP NAI Realm
    ANQP Roaming Consortium
    ANQP Venue Name

Configure the Hotspot 2.0 Profile

You create a Hotspot 2.0 Profile and assign (link) the Advertisement Profile to it.

Create the Hotspot 2.0 Profile

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.

  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select Hotspot 2.0. On the right side of the page, an area appears where you’ll define the profile.





  5. Click + next to Hotspot 2.0 Profile to add the profile. Text boxes appear.
  6. Complete this information for the Hotspot 2.0 profile.

    Profile name: Enter an appropriate profile name, such as “Orion_HS”.
    Advertise Hotspot 2.0 Capability: Click the checkbox.
    Access network Type: Select an appropriate option, such as “public-chargeable”.
    Roaming Consortium OI value 1—Enter “f4f5e8f5f4”.
    Venue Group Type: Select an appropriate option, such as “business”.
    Venue Type: Select an appropriate option, such as “business-professional-office”.
    RADIUS Chargeable User Identity (RFC4372): Click the checkbox.
    RADIUS Location Data (RFC5580): Click the checkbox.
  7. Click Submit on the bottom right. This saves and loads the configuration.
  8. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  9. Click Deploy Changes to commit the configuration.

    The completed profile should look similar to this image.




Assign the Advertisement Profile to the Hotspot 2.0 Profile

Assign (link) the Advertisement Profile you defined previously to the Hotspot 2.0 Profile.

  1. From the Aruba Dashboard, select Configuration > System > Wireless LAN > Hotspot 2.0 > Orion_HS > Advertisement. The Advertisement Profile: Orion_AdvProfile information box appears.
  2. Select the Advertisement Profile you defined.


  3. Click Submit on the bottom right. This saves and loads the configuration.
  4. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  5. Click Deploy Changes to commit the configuration.

Set up a secure RADIUS connection

It’s important to set up a secure RADIUS connection between the wireless LAN controller and Orion Wifi.


Orion Wifi uses RadSec (RADIUS over TLS) to ensure end-to-end encryption of AAA traffic. Because the Aruba wireless LAN controller doesn’t natively support RadSec, AAA traffic is directed to a RadSec proxy (radsecproxy) before the traffic is sent over the internet.

Configure Authentication Servers

We recommend you create a primary RADIUS authentication server and at least one secondary RADIUS authentication server. Then you’ll create a server group for them.

Add RADIUS authentication servers

  1. Select Configuration and then Authentication from the menu on the left side of the Aruba Dashboard.
  2. Select the Auth Servers tab on the top left of the dashboard. A list of RADIUS authentication servers appears, including servers and server groups.


  3. Click + at the bottom left of the All Servers information box. The New Server dialog box appears.
  4. Enter the server Name, such as “Radsec-1”.
  5. Enter the IP address/hostname.
  6. Take the default server Type of RADIUS.


  7. Click Submit. The RADIUS server you added appears in the All Servers list.


  8. Double click the server you added to specify its properties. A list of Server Options appears.
  9. Complete this information for the RADIUS server.

    Auth port—Take the default of 1812.
    Acc port—Take the default of 1813.
    Shared key—Enter a RADIUS server secret.
    Retype key: Re-enter the RADIUS server secret.
    NAS ID: Enter a valid site identifier for your venue. Orion Wifi uses the RADIUS NAS ID to identify your venue (a site location) with each RADIUS access request.
    Station ID type—(Optional) Choose a valid Station ID type.



  10. Click Submit on the bottom right. This saves and loads the configuration.
  11. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  12. Click Deploy Changes to commit the configuration.
  13. Repeat steps 1-11 to add one or more redundant RADIUS servers, such as “Radsec-2”. You have to submit and deploy changes for each RADIUS server.

    It’s a best practice to create more than one RADIUS server to avoid a single point of failure.
     

Aggregate the RADIUS servers into a server group

You can create groups of servers for specific types of authentication.

  1. From the Aruba Dashboard, select Configuration > System > Configuration  > Authentication > Auth Servers. A list of RADIUS authentication servers appears, including servers and server groups.
  2. Click + at the bottom left of the Server Groups information box. The Add Server Group dialog box appears.
  3. Enter the server Name, such as “Orion_dot1_svg”.


  4. Click Submit.
  5. Select the newly created server group in the Server Groups list.
  6. Click + at the bottom left of the Server Groups information box to add a server to the server group. The New Server for <servergroupname> dialog box appears.
  7. Select a server to add to the server group.


  8. Click Submit.

    The RADIUS server you selected appears in the list of servers for the server group.


            

Configure the 802.1X Authentication Profile

  1. Select Configuration and then Authentication from the menu on the left side of the Aruba Dashboard.
  2. Select the L2 Authentication tab on the top middle of the dashboard. Then select 802.1X Authentication.

    On the right side of the page, an area appears where you’ll define the profile.



  3. Click + next to 802.1X Authentication Profile to add the profile. Text boxes appear.
  4. Complete this information for the 802.1X Authentication Profile.

    Profile name: Enter an appropriate profile name, such as “Orion_dot1.aut”. This avoids using the default profile in the configuration.

  5. Click Submit on the bottom right. This saves and loads the configuration.
  6. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  7. Click Deploy Changes to commit the configuration.

    The completed 802.1X Profile should look similar to this image.


Configure the AAA Profile

You create the AAA Profile and then assign (link) the previously defined 802.1X Authentication Profile and RADIUS Authentication Server Group to the AAA Profile.

Create the AAA Profile

  1. Select Configuration and then Authentication from the menu on the left side of the Aruba Dashboard.
  2. Select the AAA Profiles tab on the top middle of the dashboard.

    On the right side of the page, an area appears where you’ll define the profile.


  3. Click + next to AAA Profile to add the profile. Text boxes appear.
  4. Complete this information for the AAA Profile.

    Profile name: Enter an appropriate profile name, such as “Orion_aaa_prof”.
    RADIUS Interim Accounting: Click the checkbox.
    RADIUS Acct-Session-Id In Access-Request: Click the checkbox.
  5. Click Submit on the bottom right. This saves and loads the configuration.
  6. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  7. Click Deploy Changes to commit the configuration.

    The completed AAA Profile should look similar to this image.


Assign the 802.1X Authentication Profile and Server Group to the AAA Profile

  1. From the Aruba Dashboard, select Configuration > Authentication > AAA Profiles  > AAA
  2. Select 802.1X Authentication under the AAA Profile you defined. The 802.1X Authentication Profile: Orion_dot1_aut  information box appears.
  3. Select the 802.1X Authentication Profile you defined.


  4. Click Submit on the bottom right. This saves and loads the configuration.
  5. Select 802.1X Authentication Server Group under the AAA Profile you defined. The Server Group: Orion_dot1_aut  information box appears.
  6. Select the RADIUS Authentication Server Group you defined.



    Note: With redundant servers, we recommend selecting Fail Through so that only the primary server is active. This avoids asymmetric routing issues.
  7. Click Submit on the bottom right. This saves and loads the configuration.

  8. Select RADIUS Accounting Server Group under the AAA Profile you defined. The Server Group: Orion_dot1_aut information box appears.
  9. Select the RADIUS Authentication Server Group you defined.
  10. Click Submit on the bottom right. This saves and loads the configuration.
  11. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  12. Click Deploy Changes to commit the configuration.

Configure the wireless LAN

To configure the wireless LAN, you create an SSID profile and then configure the wireless LAN with the RADIUS Authentication servers.

Create the SSID Profile

If you're new to Orion Wifi, we recommend creating a new SSID to avoid impacting any existing SSID configurations running in production.  

After configuring and testing Orion Wifi with radsecproxy enabled, you can then delete your old SSID and use the Orion SSID for production purposes.

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.

  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select SSID. On the right side of the page, an area appears where you’ll define the profile.


  5. Click + next to SSID Profile to add the profile. Text boxes appear.
  6. Complete this information for the SSID Profile.  Each SSID you create will use the properties (such as encryption, channel, ESSID and WPA type) you define in the SSID profile.

    Profile name: Enter an appropriate profile name, such as “Orion_SSID_prof”.
    ESSID: Enter a string value. This cannot be left blank.
    WPA Passphrase—Check wpa2-aes.

  7. Click Submit on the bottom right. This saves and loads the configuration.
  8. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  9. Click Deploy Changes to commit the configuration.

    The completed SSID Profile should look similar to this image.


Create and configure the wireless LAN

  1. Select Configuration and then WLANs from the menu on the left side of the Aruba Dashboard. A WLANs information box appears.
  2. Click + at the bottom left of the WLANs information box. You see properties to define for the wireless LAN.
  3. Complete General properties for the wireless LAN.

    Name (SSID)—Enter “Orion Wifi”. Enter a name that people who are trying to connect to the network will see.
    Primary usage—Select Employee (default value)
    Broadcast on—Select All APs (default value) or a group of access points.
    Forwarding mode—Select the appropriate forwarding mode for your network.

  4. Click Next on the bottom right.
  5. Complete VLANs properties for the wireless LAN per your network requirements.
  6. Click Next on the bottom right.
  7. Complete Security properties for the wireless LAN. Select Enterprise and configure its options.

    Key management—Select WPA2-Enterprise.
    Reauth interval: Enter an appropriate interval (default is 1440 minutes).

  8. Add the RADIUS Authentication servers to the wireless LAN by clicking + in the bottom left of the Auth servers information box.
  9. Select each RADIUS Authentication server and click OK on the bottom right to add it.
  10. Click Next on the bottom right.
  11. In the Access properties, select the appropriate Default role for clients who join the wireless LAN.
  12. Click Finish on the bottom right to save the wireless LAN.
  13. Click Submit on the bottom right. This saves and loads the configuration.
  14. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  15. Click Deploy Changes to commit the configuration.

Configure a virtual access point

You assign the configuration profiles you’ve defined to a virtual access point (AP).

Create the Virtual AP Profile

  1. Select Configuration and then System from the menu on the left side of the Aruba Dashboard.
  2. Select the Profiles tab on the top right of the dashboard. A list of all profiles appears.

  3. Select Wireless LAN from the Profiles list.
  4. Under Wireless LAN, select Virtual AP. On the right side of the page, an area appears where you’ll define the profile.



  5. Click + next to Virtual AP: New Profile to add the profile. Text boxes appear.
  6. Complete this information for the Virtual AP Profile.

    Profile name: Enter an appropriate profile name, such as “Orion Wifi”.
    Forward mode—Select bridge (the selection might be different depending on your existing network settings).
  7. Click Submit on the bottom right. This saves and loads the configuration.
  8. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  9. Click Deploy Changes to commit the configuration.

    The completed Virtual AP Profile should look similar to this image.


Assign all profiles to the Virtual AP Profile

  1. From the Aruba Dashboard, select Configuration > System > Profiles  > Wireless LAN > Virtual AP.
  2. Select AAA under the Virtual AP you defined. The AAA Profile: Orion_aaa_prof  information box appears.
  3. Select the AAA Profile you defined.


  4. Click Submit on the bottom right. This saves and loads the configuration.
  5. Click Pending Changes on the top right. The Pending Changes dialog box appears.
  6. Click Deploy Changes to commit the configuration.
  7. Repeat steps 1-6 to assign these profiles to the Virtual AP Profile. You have to submit and deploy changes for each profile.

Troubleshoot the configuration

OUI and EAP settings

If the OUI and EAP method aren’t set correctly, mobile devices can’t automatically connect (which is intended). If the radsecproxy logs show a connection attempt that fails, the radsecproxy IP addresses in the RADIUS authentication and accounting settings are probably correct, but the EAP settings could be wrong.

Review ANQP Roaming Consortium Profile and ANQP NAI Realm Profile to make sure your configuration is correct.

RADIUS service

If the IP addresses, ports, or secrets used for the primary and secondary servers are wrong, the RADIUS server can’t be contacted.  In this situation, radsecproxy logs can’t be generated, because traffic isn’t passing to the wireless LAN controller from radsecproxy.  

If no new logs are coming in, it means the SSID isn’t passing traffic to radsecproxy. If this is the case, you should check the RADIUS configuration.

Review Set up a secure RADIUS connection and make sure your configuration is correct.
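
To tell a wrong address or port apart from a wrong Shared key on the controller-to-radsecproxy leg, the following probe is an added example (it is not part of the original guide or of radsecproxy). It assumes the proxy answers RFC 5997 Status-Server requests and accepts the probing host as a RADIUS client; the secret and NAS ID are constructed placeholders.

```python
import hashlib
import hmac
import os
import socket
import struct
from typing import Optional

STATUS_SERVER, ACCESS_ACCEPT = 12, 2   # RADIUS codes (RFC 5997, RFC 2865)
NAS_IDENTIFIER, MESSAGE_AUTH = 32, 80  # attribute types (RFC 2865, RFC 2869)


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_status_server(secret: bytes, nas_id: str, ident: int = 1,
                        authenticator: Optional[bytes] = None) -> bytes:
    """Status-Server probe carrying NAS-Identifier and a Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(NAS_IDENTIFIER, nas_id.encode()) + _attr(MESSAGE_AUTH, bytes(16))
    packet = (struct.pack("!BBH", STATUS_SERVER, ident, 20 + len(attrs))
              + authenticator + attrs)
    # Message-Authenticator is HMAC-MD5 over the packet with its own value zeroed.
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()


def request_mac_ok(packet: bytes, secret: bytes) -> bool:
    """Receiver-side check. Assumes Message-Authenticator is the last
    attribute, which is how build_status_server() emits it."""
    zeroed = packet[:-16] + bytes(16)
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])


def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def simulated_reply(request: bytes, secret: bytes) -> bytes:
    """Constructed stand-in for the proxy's answer, so the check runs offline."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def probe(host: str, secret: bytes, nas_id: str, port: int = 1812,
          timeout: float = 3.0) -> str:
    """Send one probe over UDP to the Auth port and classify the outcome."""
    request = build_status_server(secret, nas_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:            # timeout, unreachable port, bad hostname
            return "no-reply"      # wrong IP or port, filtering, or request dropped
    if reply_is_authentic(reply, request, secret):
        return "ok"
    return "secret-mismatch"       # something answered, but with another key


if __name__ == "__main__":
    key = b"constructed-shared-key"               # placeholder, not a real secret
    req = build_status_server(key, "venue-0001")  # constructed NAS ID
    print("offline check:", reply_is_authentic(simulated_reply(req, key), req, key))
    # Live use: probe("<radsecproxy address>", key, "<your NAS ID>")
```

A "no-reply" result corresponds to the case above where no new radsecproxy logs appear; "secret-mismatch" means the address and port reach a RADIUS service but the Shared key differs.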