Realm: berkshire.nhs.uk Full

berkshire.nhs.uk/ORPS: berkshire-nhs-uk-0
berkshire.nhs.uk/berkshire-nhs-uk-0/NRPS: roaming0.govroam.uk (212.219.190.139) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret / Dropping Auth Requests /
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming0.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 8.80 ms
Last State Change
Thu Dec 12 11:33:13 2024
Last Check
Thu Dec 12 21:03:03 2024
Next Check
Thu Dec 12 21:13:03 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming0.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:32:41 2024
Last Check
Thu Dec 12 21:02:39 2024
Next Check
Thu Dec 12 21:12:39 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming0.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:32:13 2024
Last Check
Thu Dec 12 21:10:13 2024
Next Check
Thu Dec 12 21:20:12 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming0.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:32:19 2024
Last Check
Thu Dec 12 21:10:18 2024
Next Check
Thu Dec 12 21:20:18 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming0.govroam.uk/ Zombie
Output
CRITICAL: Marked as down within the last day
Last State Change
Thu Dec 12 11:32:56 2024
Last Check
Thu Dec 12 21:00:55 2024
Next Check
Thu Dec 12 21:10:55 2024
Meaning:
Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
Solution:
An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
berkshire.nhs.uk/berkshire-nhs-uk-0/NRPS: roaming1.govroam.uk (212.219.209.43) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret / Dropping Auth Requests /
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming1.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 10.02 ms
Last State Change
Thu Dec 12 11:33:29 2024
Last Check
Thu Dec 12 21:03:19 2024
Next Check
Thu Dec 12 21:13:19 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming1.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:34:32 2024
Last Check
Thu Dec 12 21:04:30 2024
Next Check
Thu Dec 12 21:14:30 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming1.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:36:06 2024
Last Check
Thu Dec 12 21:04:05 2024
Next Check
Thu Dec 12 21:14:05 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming1.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:35:46 2024
Last Check
Thu Dec 12 21:03:45 2024
Next Check
Thu Dec 12 21:13:45 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming1.govroam.uk/ Zombie
Output
CRITICAL: Marked as down within the last day
Last State Change
Thu Dec 12 16:12:49 2024
Last Check
Thu Dec 12 21:02:47 2024
Next Check
Thu Dec 12 21:12:47 2024
Meaning:
Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
Solution:
An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
berkshire.nhs.uk/berkshire-nhs-uk-0/NRPS: roaming2.govroam.uk (212.219.247.59) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret /
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming2.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 14.96 ms
Last State Change
Thu Dec 12 11:34:48 2024
Last Check
Thu Dec 12 21:04:38 2024
Next Check
Thu Dec 12 21:14:38 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming2.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:33:02 2024
Last Check
Thu Dec 12 21:03:00 2024
Next Check
Thu Dec 12 21:13:00 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming2.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:36:23 2024
Last Check
Thu Dec 12 21:04:21 2024
Next Check
Thu Dec 12 21:14:21 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming2.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:36:42 2024
Last Check
Thu Dec 12 21:04:40 2024
Next Check
Thu Dec 12 21:14:40 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming2.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Thu Dec 12 14:34:11 2024
Last Check
Thu Dec 12 21:04:10 2024
Next Check
Thu Dec 12 21:14:10 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/NRPS: roaming3.govroam.uk (195.194.21.203) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret / Dropping Auth Requests /
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming3.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 17.86 ms
Last State Change
Thu Dec 12 11:35:09 2024
Last Check
Thu Dec 12 21:04:59 2024
Next Check
Thu Dec 12 21:14:59 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming3.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:34:35 2024
Last Check
Thu Dec 12 21:04:33 2024
Next Check
Thu Dec 12 21:14:33 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming3.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:33:54 2024
Last Check
Thu Dec 12 21:01:53 2024
Next Check
Thu Dec 12 21:11:53 2024
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming3.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:38:26 2024
Last Check
Thu Dec 12 21:06:24 2024
Next Check
Thu Dec 12 21:16:24 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-0/roaming3.govroam.uk/ Zombie
Output
CRITICAL: Marked as down within the last day
Last State Change
Thu Dec 12 15:55:59 2024
Last Check
Thu Dec 12 21:05:57 2024
Next Check
Thu Dec 12 21:15:57 2024
Meaning:
Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
Solution:
An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
berkshire.nhs.uk/ORPS: berkshire-nhs-uk-1
berkshire.nhs.uk/berkshire-nhs-uk-1/NRPS: roaming0.govroam.uk (212.219.190.139) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret /
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming0.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 8.56 ms
Last State Change
Thu Dec 12 11:35:01 2024
Last Check
Thu Dec 12 21:04:51 2024
Next Check
Thu Dec 12 21:14:51 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming0.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:32:46 2024
Last Check
Thu Dec 12 21:02:44 2024
Next Check
Thu Dec 12 21:12:44 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming0.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:36:13 2024
Last Check
Thu Dec 12 21:04:12 2024
Next Check
Thu Dec 12 21:14:12 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming0.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:35:03 2024
Last Check
Thu Dec 12 21:03:02 2024
Next Check
Thu Dec 12 21:13:02 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming0.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Thu Dec 12 11:31:31 2024
Last Check
Thu Dec 12 21:09:27 2024
Next Check
Thu Dec 12 21:19:27 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/NRPS: roaming1.govroam.uk (212.219.209.43) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret /
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming1.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 9.14 ms
Last State Change
Thu Dec 12 11:35:11 2024
Last Check
Thu Dec 12 21:05:02 2024
Next Check
Thu Dec 12 21:15:02 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming1.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:35:02 2024
Last Check
Thu Dec 12 21:05:01 2024
Next Check
Thu Dec 12 21:15:01 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming1.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:35:24 2024
Last Check
Thu Dec 12 21:03:21 2024
Next Check
Thu Dec 12 21:13:21 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming1.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:33:17 2024
Last Check
Thu Dec 12 21:01:16 2024
Next Check
Thu Dec 12 21:11:16 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming1.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Thu Dec 12 11:35:34 2024
Last Check
Thu Dec 12 21:03:33 2024
Next Check
Thu Dec 12 21:13:33 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/NRPS: roaming2.govroam.uk (212.219.247.59) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret /
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming2.govroam.uk/ Ping
Output
PING OK - Packet loss = 9%, RTA = 14.75 ms
Last State Change
Thu Dec 12 11:35:33 2024
Last Check
Thu Dec 12 21:05:23 2024
Next Check
Thu Dec 12 21:15:23 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming2.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:35:51 2024
Last Check
Thu Dec 12 21:05:50 2024
Next Check
Thu Dec 12 21:15:50 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming2.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:37:19 2024
Last Check
Thu Dec 12 21:05:17 2024
Next Check
Thu Dec 12 21:15:17 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming2.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:35:38 2024
Last Check
Thu Dec 12 21:03:37 2024
Next Check
Thu Dec 12 21:13:37 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming2.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Thu Dec 12 11:35:41 2024
Last Check
Thu Dec 12 21:03:40 2024
Next Check
Thu Dec 12 21:13:40 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/NRPS: roaming3.govroam.uk (195.194.21.203) - Unknown Client / Port 1812 Drop / Bad Client Shared Secret /
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming3.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 14.38 ms
Last State Change
Thu Dec 12 11:35:01 2024
Last Check
Thu Dec 12 21:04:51 2024
Next Check
Thu Dec 12 21:14:51 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming3.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Dec 12 11:33:36 2024
Last Check
Thu Dec 12 21:03:34 2024
Next Check
Thu Dec 12 21:13:34 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming3.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Thu Dec 12 11:35:59 2024
Last Check
Thu Dec 12 21:03:57 2024
Next Check
Thu Dec 12 21:13:57 2024
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming3.govroam.uk/ Simple Authentication
Output
WARNING: Timeout. No response from RADIUS server
Last State Change
Thu Dec 12 11:36:47 2024
Last Check
Thu Dec 12 21:04:45 2024
Next Check
Thu Dec 12 21:14:45 2024
Meaning:
An authentication attempt has been made using generic credentials and no response was received. It's expected that a RADIUS server would respond to non-existent credentials with an Access-Reject and if it didn't then there might be a problem. It's not part of the Tech Spec that all requests should be responded to but it's desirable. It would help us keep better track of your system state. However, be aware that all proxied/EAP requests MUST be responded to.
Solution:
Check your RADIUS logs to see what's happening to these requests. The username is 'jisctest' so should stand out. If you can, please ensure that your RADIUS server responds to the requests (with an Access-Reject). Alternatively, enable Status-Server (FreeRADIUS, RADIATOR and radsecproxy support it).
berkshire.nhs.uk/berkshire-nhs-uk-1/roaming3.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Thu Dec 12 11:33:33 2024
Last Check
Thu Dec 12 21:01:32 2024
Next Check
Thu Dec 12 21:11:30 2024
Called Station ID Check
Output
OK: 100% MAC format and SSID are good (last: 2024-12-12 18:40:18)
Last State Change
Thu Dec 12 12:01:46 2024
Last Check
Thu Dec 12 21:01:43 2024
Next Check
Thu Dec 12 21:16:42 2024
Calling Station ID Check
Output
OK: 100% MAC format is good, as of 2024-12-12 18:40:18
Last State Change
Thu Dec 12 12:02:19 2024
Last Check
Thu Dec 12 21:02:17 2024
Next Check
Thu Dec 12 21:17:16 2024
Operator Check
Output
WARNING: 100% Missing Operator-Name (last: 2024-12-12 18:40:18)
Last State Change
Thu Dec 12 12:02:49 2024
Last Check
Thu Dec 12 20:57:44 2024
Next Check
Thu Dec 12 21:12:44 2024
Meaning:
Operator-Name is missing from RADIUS requests. Operator-Name identifies the site sending the requests and is used by home sites in audit trails and in cases of mis-use.
Solution:
Where possible (FreeRADIUS, radsecproxy, RADIATOR) Operator-Name should be configured to send the site identifier (in the format 1realm.name e.g. 1holby.nhs.uk).
Realm Syntax Check
Output
CRITICAL: 20% Realm same as Operator (last: 2024-12-12 15:54:33)
Last State Change
Thu Dec 12 12:03:24 2024
Last Check
Thu Dec 12 20:58:22 2024
Next Check
Thu Dec 12 21:13:22 2024
Meaning:
The syntax of a realm proxied does not match what's acceptable. A realm should be in the format of 'realm.tld' or 'something.site.tld' and shouldn't have '..' or start or end with '.', shouldn't contain characters other than '0-9a-zA-Z-.', shouldn't be empty or missing. Since these realms are entered by end-users typos are possible. Obviously the NRPS should never see the site's own realm proxied as that could cause loops.
Solution:
Filter out syntactically invalid realms, don't proxy them.
VLAN Check
Output
OK: 100% No VLAN attr present (last: 2024-12-12 18:40:18)
Last State Change
Thu Dec 12 12:03:24 2024
Last Check
Thu Dec 12 21:03:23 2024
Next Check
Thu Dec 12 21:18:21 2024