Realm: candi.nhs.uk Full

candi.nhs.uk/ORPS: candi-nhs-uk-0
candi.nhs.uk/candi-nhs-uk-0/NRPS: roaming0.govroam.uk (212.219.190.139) - All good
candi.nhs.uk/candi-nhs-uk-0/roaming0.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 7.32 ms
Last State Change
Thu Jul 3 11:56:37 2025
Last Check
Sun Jul 13 08:06:29 2025
Next Check
Sun Jul 13 08:16:28 2025
candi.nhs.uk/candi-nhs-uk-0/roaming0.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Fri Jul 11 13:05:05 2025
Last Check
Sun Jul 13 08:15:03 2025
Next Check
Sun Jul 13 08:25:03 2025
candi.nhs.uk/candi-nhs-uk-0/roaming0.govroam.uk/ Server Shared Secret
Output
OK: Good shared secret over last day
Last State Change
Fri Jul 11 13:33:51 2025
Last Check
Sun Jul 13 08:13:50 2025
Next Check
Sun Jul 13 08:23:49 2025
candi.nhs.uk/candi-nhs-uk-0/roaming0.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Fri Jul 11 13:05:23 2025
Last Check
Sun Jul 13 08:05:23 2025
Next Check
Sun Jul 13 08:15:22 2025
candi.nhs.uk/candi-nhs-uk-0/roaming0.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 12:30:37 2025
Last Check
Sun Jul 13 08:10:35 2025
Next Check
Sun Jul 13 08:20:35 2025
candi.nhs.uk/candi-nhs-uk-0/NRPS: roaming1.govroam.uk (212.219.209.43) - All good
candi.nhs.uk/candi-nhs-uk-0/roaming1.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 7.01 ms
Last State Change
Sun Jul 6 15:08:46 2025
Last Check
Sun Jul 13 08:08:35 2025
Next Check
Sun Jul 13 08:18:35 2025
candi.nhs.uk/candi-nhs-uk-0/roaming1.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Fri Jul 11 13:04:30 2025
Last Check
Sun Jul 13 08:14:30 2025
Next Check
Sun Jul 13 08:24:29 2025
candi.nhs.uk/candi-nhs-uk-0/roaming1.govroam.uk/ Server Shared Secret
Output
OK: Good shared secret over last day
Last State Change
Fri Jul 11 14:05:10 2025
Last Check
Sun Jul 13 08:05:08 2025
Next Check
Sun Jul 13 08:15:08 2025
candi.nhs.uk/candi-nhs-uk-0/roaming1.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Fri Jul 11 13:07:21 2025
Last Check
Sun Jul 13 08:07:18 2025
Next Check
Sun Jul 13 08:17:18 2025
candi.nhs.uk/candi-nhs-uk-0/roaming1.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 12:26:05 2025
Last Check
Sun Jul 13 08:06:03 2025
Next Check
Sun Jul 13 08:16:03 2025
candi.nhs.uk/candi-nhs-uk-0/NRPS: roaming2.govroam.uk (212.219.247.59) - All good
candi.nhs.uk/candi-nhs-uk-0/roaming2.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 12.65 ms
Last State Change
Sun Jul 6 15:10:10 2025
Last Check
Sun Jul 13 08:09:58 2025
Next Check
Sun Jul 13 08:19:58 2025
candi.nhs.uk/candi-nhs-uk-0/roaming2.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Fri Jul 11 13:03:55 2025
Last Check
Sun Jul 13 08:13:54 2025
Next Check
Sun Jul 13 08:23:54 2025
candi.nhs.uk/candi-nhs-uk-0/roaming2.govroam.uk/ Server Shared Secret
Output
OK: Good shared secret over last day
Last State Change
Fri Jul 11 14:07:06 2025
Last Check
Sun Jul 13 08:07:04 2025
Next Check
Sun Jul 13 08:17:04 2025
candi.nhs.uk/candi-nhs-uk-0/roaming2.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Fri Jul 11 13:06:38 2025
Last Check
Sun Jul 13 08:06:37 2025
Next Check
Sun Jul 13 08:16:37 2025
candi.nhs.uk/candi-nhs-uk-0/roaming2.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 12:56:28 2025
Last Check
Sun Jul 13 08:06:26 2025
Next Check
Sun Jul 13 08:16:26 2025
candi.nhs.uk/candi-nhs-uk-0/NRPS: roaming3.govroam.uk (195.194.21.203) - All good
candi.nhs.uk/candi-nhs-uk-0/roaming3.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 12.37 ms
Last State Change
Thu Jul 3 11:58:52 2025
Last Check
Sun Jul 13 08:08:41 2025
Next Check
Sun Jul 13 08:18:41 2025
candi.nhs.uk/candi-nhs-uk-0/roaming3.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Fri Jul 11 13:07:00 2025
Last Check
Sun Jul 13 08:06:58 2025
Next Check
Sun Jul 13 08:16:58 2025
candi.nhs.uk/candi-nhs-uk-0/roaming3.govroam.uk/ Server Shared Secret
Output
OK: Good shared secret over last day
Last State Change
Fri Jul 11 14:14:14 2025
Last Check
Sun Jul 13 08:14:12 2025
Next Check
Sun Jul 13 08:24:12 2025
candi.nhs.uk/candi-nhs-uk-0/roaming3.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Fri Jul 11 13:04:22 2025
Last Check
Sun Jul 13 08:14:21 2025
Next Check
Sun Jul 13 08:24:21 2025
candi.nhs.uk/candi-nhs-uk-0/roaming3.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 12:56:47 2025
Last Check
Sun Jul 13 08:06:46 2025
Next Check
Sun Jul 13 08:16:46 2025
candi.nhs.uk/ORPS: candi-nhs-uk-1
candi.nhs.uk/candi-nhs-uk-1/NRPS: roaming0.govroam.uk (212.219.190.139) - All good
candi.nhs.uk/candi-nhs-uk-1/roaming0.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 7.85 ms
Last State Change
Thu Jul 3 11:55:38 2025
Last Check
Sun Jul 13 08:05:30 2025
Next Check
Sun Jul 13 08:15:29 2025
candi.nhs.uk/candi-nhs-uk-1/roaming0.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Jul 3 11:52:00 2025
Last Check
Sun Jul 13 08:11:59 2025
Next Check
Sun Jul 13 08:21:59 2025
candi.nhs.uk/candi-nhs-uk-1/roaming0.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Sat Jul 12 16:30:32 2025
Last Check
Sun Jul 13 08:08:31 2025
Next Check
Sun Jul 13 08:18:30 2025
candi.nhs.uk/candi-nhs-uk-1/roaming0.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Thu Jul 3 11:52:19 2025
Last Check
Sun Jul 13 08:12:18 2025
Next Check
Sun Jul 13 08:22:18 2025
candi.nhs.uk/candi-nhs-uk-1/roaming0.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Fri Jul 11 15:41:14 2025
Last Check
Sun Jul 13 08:11:14 2025
Next Check
Sun Jul 13 08:21:13 2025
candi.nhs.uk/candi-nhs-uk-1/NRPS: roaming1.govroam.uk (212.219.209.43) - All good
candi.nhs.uk/candi-nhs-uk-1/roaming1.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 8.61 ms
Last State Change
Thu Jul 3 11:55:50 2025
Last Check
Sun Jul 13 08:05:40 2025
Next Check
Sun Jul 13 08:15:40 2025
candi.nhs.uk/candi-nhs-uk-1/roaming1.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Jul 3 11:53:41 2025
Last Check
Sun Jul 13 08:13:38 2025
Next Check
Sun Jul 13 08:23:38 2025
candi.nhs.uk/candi-nhs-uk-1/roaming1.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Sat Jul 12 16:34:05 2025
Last Check
Sun Jul 13 08:12:04 2025
Next Check
Sun Jul 13 08:22:03 2025
candi.nhs.uk/candi-nhs-uk-1/roaming1.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Thu Jul 3 11:54:11 2025
Last Check
Sun Jul 13 08:14:10 2025
Next Check
Sun Jul 13 08:24:10 2025
candi.nhs.uk/candi-nhs-uk-1/roaming1.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 10:13:35 2025
Last Check
Sun Jul 13 08:13:35 2025
Next Check
Sun Jul 13 08:23:34 2025
candi.nhs.uk/candi-nhs-uk-1/NRPS: roaming2.govroam.uk (212.219.247.59) - All good
candi.nhs.uk/candi-nhs-uk-1/roaming2.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 14.65 ms
Last State Change
Thu Jul 3 11:57:22 2025
Last Check
Sun Jul 13 08:07:12 2025
Next Check
Sun Jul 13 08:17:12 2025
candi.nhs.uk/candi-nhs-uk-1/roaming2.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Jul 3 11:56:27 2025
Last Check
Sun Jul 13 08:06:25 2025
Next Check
Sun Jul 13 08:16:25 2025
candi.nhs.uk/candi-nhs-uk-1/roaming2.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Sat Jul 12 16:34:13 2025
Last Check
Sun Jul 13 08:12:12 2025
Next Check
Sun Jul 13 08:22:12 2025
candi.nhs.uk/candi-nhs-uk-1/roaming2.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Thu Jul 3 11:57:25 2025
Last Check
Sun Jul 13 08:07:24 2025
Next Check
Sun Jul 13 08:17:24 2025
candi.nhs.uk/candi-nhs-uk-1/roaming2.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Sat Jul 12 10:16:36 2025
Last Check
Sun Jul 13 08:06:34 2025
Next Check
Sun Jul 13 08:16:34 2025
candi.nhs.uk/candi-nhs-uk-1/NRPS: roaming3.govroam.uk (195.194.21.203) - All good
candi.nhs.uk/candi-nhs-uk-1/roaming3.govroam.uk/ Ping
Output
PING OK - Packet loss = 0%, RTA = 14.32 ms
Last State Change
Thu Jul 3 12:00:04 2025
Last Check
Sun Jul 13 08:09:55 2025
Next Check
Sun Jul 13 08:19:54 2025
candi.nhs.uk/candi-nhs-uk-1/roaming3.govroam.uk/ RADIUS Port
Output
OK: Port 1812 is probably open, unless there's a DROP firewall
Last State Change
Thu Jul 3 11:56:05 2025
Last Check
Sun Jul 13 08:06:03 2025
Next Check
Sun Jul 13 08:16:03 2025
candi.nhs.uk/candi-nhs-uk-1/roaming3.govroam.uk/ Server Shared Secret
Output
UNKNOWN: No Data. No logs to check for last day
Last State Change
Sat Jul 12 16:35:20 2025
Last Check
Sun Jul 13 08:13:18 2025
Next Check
Sun Jul 13 08:23:18 2025
candi.nhs.uk/candi-nhs-uk-1/roaming3.govroam.uk/ Simple Authentication
Output
OK: Return code is as expected, Access-Reject
Last State Change
Fri Jul 11 19:41:31 2025
Last Check
Sun Jul 13 08:11:30 2025
Next Check
Sun Jul 13 08:21:28 2025
candi.nhs.uk/candi-nhs-uk-1/roaming3.govroam.uk/ Zombie
Output
UNKNOWN: No Data. No data but not marked as down within the last week
Last State Change
Fri Jul 11 09:45:28 2025
Last Check
Sun Jul 13 08:05:26 2025
Next Check
Sun Jul 13 08:15:26 2025
Called Station ID Check
Output
WARNING: 100% Lower case characters in MAC (last: 2025-07-13 06:54:37)
Last State Change
Fri Jun 13 10:32:57 2025
Last Check
Sun Jul 13 08:12:57 2025
Next Check
Sun Jul 13 08:27:55 2025
Meaning:
The Called-Station-ID contains the MAC address of the device the client connects to as well as, potentially, the SSID of the wireless network it connected to. The format of the MAC address is specified in RFC 3580 as 'XX-XX-XX-XX-XX-XX:SSID' with '-' being the only valid separator and all upper case. The SSID should be appended.
Having the Called-Station-ID included in proxied requests makes it possible to ensure that the SSID being broadcast matches the service requirements.
Solution:
Configure your wireless system to provide the CSI in the RFC3580 format.
Calling Station ID Check
Output
WARNING: 100% MAC format wrong, contains lower case (last: 2025-07-13 06:54:37)
Last State Change
Fri Jun 13 10:31:22 2025
Last Check
Sun Jul 13 08:11:22 2025
Next Check
Sun Jul 13 08:26:20 2025
Meaning:
Calling Station ID identifies the device making the connection and RFC 3580 states that the format should be XX-XX-XX-XX-XX-XX (i.e. '-' separated and upper case).
Solution:
Configure your wireless system to use upper case and '-' separated pairs.
Operator Check
Output
OK: 100% Operator-Name present (last: 2025-07-13 06:54:37)
Last State Change
Fri Jun 13 10:33:08 2025
Last Check
Sun Jul 13 08:03:06 2025
Next Check
Sun Jul 13 08:18:06 2025
Realm Syntax Check
Output
CRITICAL: 20.2% realm ends with '.' (last: 2025-07-12 18:34:15). 1.7% realm starts with '.' (last: 2025-07-12 18:34:15)
Last State Change
Sat Jul 12 18:12:30 2025
Last Check
Sun Jul 13 08:12:26 2025
Next Check
Sun Jul 13 08:27:25 2025
Meaning:
The syntax of a realm proxied does not match what's acceptable. A realm should be in the format of 'realm.tld' or 'something.site.tld' and shouldn't have '..' or start or end with '.', shouldn't contain characters other than '0-9a-zA-Z-.', shouldn't be empty or missing. Since these realms are entered by end-users typos are possible. Obviously the NRPS should never see the site's own realm proxied as that could cause loops.
Solution:
Filter out syntactically invalid realms, don't proxy them.
VLAN Check
Output
CRITICAL: 99% Tunnel-Type attr present (last: 2025-07-13 06:54:37). 99% Tunnel-Medium-Type attr present (last: 2025-07-13 06:54:37). 99% Tunnel-Private-Group-ID (last: 2025-07-13 06:54:37)
Last State Change
Fri Jun 13 10:32:14 2025
Last Check
Sun Jul 13 08:12:12 2025
Next Check
Sun Jul 13 08:27:11 2025
Meaning:
Various attributes such as Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID being sent out in responses. The 'Tunnel' attributes are commonly used to instruct wireless controllers which VLAN to place a client in. Thus if these attributes aren't filtered out then one site might be sending these attributes to another site. At best users won't be connected, at worst they'll be placed on an inappropriate VLAN.
Solution:
Apply filters on the RADIUS servers to restrict the attributes to just the set as specified in the Tech Spec. Both outgoing AND incoming packets need the filters applied to them for everyone's protection