Realm: psba.gov.wales Full
psba.gov.wales/psba-gov-wales-0/NRPS: roaming0.govroam.uk
(212.219.190.139) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-0/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 5.25 ms
- Last State Change
- Tue May 6 06:25:51 2025
- Last Check
- Fri May 9 05:45:41 2025
- Next Check
- Fri May 9 05:55:41 2025
psba.gov.wales/psba-gov-wales-0/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:27:30 2025
- Last Check
- Fri May 9 05:47:29 2025
- Next Check
- Fri May 9 05:57:29 2025
psba.gov.wales/psba-gov-wales-0/roaming0.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:27:57 2025
- Last Check
- Fri May 9 05:47:56 2025
- Next Check
- Fri May 9 05:57:56 2025
psba.gov.wales/psba-gov-wales-0/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri May 9 03:23:18 2025
- Last Check
- Fri May 9 05:53:19 2025
- Next Check
- Fri May 9 06:03:17 2025
psba.gov.wales/psba-gov-wales-0/roaming0.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:25:09 2025
- Last Check
- Fri May 9 05:53:09 2025
- Next Check
- Fri May 9 06:03:07 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-0/NRPS: roaming1.govroam.uk
(212.219.209.43) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-0/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 5.80 ms
- Last State Change
- Tue May 6 06:25:37 2025
- Last Check
- Fri May 9 05:45:25 2025
- Next Check
- Fri May 9 05:55:25 2025
psba.gov.wales/psba-gov-wales-0/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:26:15 2025
- Last Check
- Fri May 9 05:46:14 2025
- Next Check
- Fri May 9 05:56:14 2025
psba.gov.wales/psba-gov-wales-0/roaming1.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:25:47 2025
- Last Check
- Fri May 9 05:45:45 2025
- Next Check
- Fri May 9 05:55:45 2025
psba.gov.wales/psba-gov-wales-0/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu May 8 12:32:28 2025
- Last Check
- Fri May 9 05:52:26 2025
- Next Check
- Fri May 9 06:02:25 2025
psba.gov.wales/psba-gov-wales-0/roaming1.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:25:10 2025
- Last Check
- Fri May 9 05:53:10 2025
- Next Check
- Fri May 9 06:03:09 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-0/NRPS: roaming2.govroam.uk
(212.219.247.59) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-0/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.05 ms
- Last State Change
- Tue May 6 06:25:30 2025
- Last Check
- Fri May 9 05:45:19 2025
- Next Check
- Fri May 9 05:55:19 2025
psba.gov.wales/psba-gov-wales-0/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:23:37 2025
- Last Check
- Fri May 9 05:53:36 2025
- Next Check
- Fri May 9 06:03:36 2025
psba.gov.wales/psba-gov-wales-0/roaming2.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:23:31 2025
- Last Check
- Fri May 9 05:53:30 2025
- Next Check
- Fri May 9 06:03:30 2025
psba.gov.wales/psba-gov-wales-0/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 03:31:21 2025
- Last Check
- Fri May 9 05:51:20 2025
- Next Check
- Fri May 9 06:01:20 2025
psba.gov.wales/psba-gov-wales-0/roaming2.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:25:19 2025
- Last Check
- Fri May 9 05:53:17 2025
- Next Check
- Fri May 9 06:03:17 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-0/NRPS: roaming3.govroam.uk
(195.194.21.203) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-0/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.32 ms
- Last State Change
- Tue May 6 06:21:15 2025
- Last Check
- Fri May 9 05:51:05 2025
- Next Check
- Fri May 9 06:01:05 2025
psba.gov.wales/psba-gov-wales-0/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:18:02 2025
- Last Check
- Fri May 9 05:48:00 2025
- Next Check
- Fri May 9 05:58:00 2025
psba.gov.wales/psba-gov-wales-0/roaming3.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:20:07 2025
- Last Check
- Fri May 9 05:50:05 2025
- Next Check
- Fri May 9 06:00:05 2025
psba.gov.wales/psba-gov-wales-0/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 01:48:02 2025
- Last Check
- Fri May 9 05:48:00 2025
- Next Check
- Fri May 9 05:58:00 2025
psba.gov.wales/psba-gov-wales-0/roaming3.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:18:11 2025
- Last Check
- Fri May 9 05:46:10 2025
- Next Check
- Fri May 9 05:56:09 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-1/NRPS: roaming0.govroam.uk
(212.219.190.139) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-1/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 5.27 ms
- Last State Change
- Tue May 6 06:26:48 2025
- Last Check
- Fri May 9 05:46:38 2025
- Next Check
- Fri May 9 05:56:38 2025
psba.gov.wales/psba-gov-wales-1/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:28:52 2025
- Last Check
- Fri May 9 05:48:51 2025
- Next Check
- Fri May 9 05:58:51 2025
psba.gov.wales/psba-gov-wales-1/roaming0.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:29:35 2025
- Last Check
- Fri May 9 05:49:35 2025
- Next Check
- Fri May 9 05:59:34 2025
psba.gov.wales/psba-gov-wales-1/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 02:19:54 2025
- Last Check
- Fri May 9 05:49:52 2025
- Next Check
- Fri May 9 05:59:51 2025
psba.gov.wales/psba-gov-wales-1/roaming0.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:26:35 2025
- Last Check
- Fri May 9 05:44:33 2025
- Next Check
- Fri May 9 05:54:33 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-1/NRPS: roaming1.govroam.uk
(212.219.209.43) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-1/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 5.53 ms
- Last State Change
- Tue May 6 06:26:21 2025
- Last Check
- Fri May 9 05:46:11 2025
- Next Check
- Fri May 9 05:56:11 2025
psba.gov.wales/psba-gov-wales-1/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:26:58 2025
- Last Check
- Fri May 9 05:46:57 2025
- Next Check
- Fri May 9 05:56:57 2025
psba.gov.wales/psba-gov-wales-1/roaming1.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:26:18 2025
- Last Check
- Fri May 9 05:46:17 2025
- Next Check
- Fri May 9 05:56:17 2025
psba.gov.wales/psba-gov-wales-1/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 02:16:51 2025
- Last Check
- Fri May 9 05:46:49 2025
- Next Check
- Fri May 9 05:56:48 2025
psba.gov.wales/psba-gov-wales-1/roaming1.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:26:06 2025
- Last Check
- Fri May 9 05:54:04 2025
- Next Check
- Fri May 9 05:54:04 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-1/NRPS: roaming2.govroam.uk
(212.219.247.59) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-1/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.27 ms
- Last State Change
- Tue May 6 06:23:08 2025
- Last Check
- Fri May 9 05:52:58 2025
- Next Check
- Fri May 9 06:02:58 2025
psba.gov.wales/psba-gov-wales-1/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:25:33 2025
- Last Check
- Fri May 9 05:45:32 2025
- Next Check
- Fri May 9 05:55:32 2025
psba.gov.wales/psba-gov-wales-1/roaming2.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:24:14 2025
- Last Check
- Fri May 9 05:44:12 2025
- Next Check
- Fri May 9 05:54:12 2025
psba.gov.wales/psba-gov-wales-1/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 02:16:51 2025
- Last Check
- Fri May 9 05:46:49 2025
- Next Check
- Fri May 9 05:56:49 2025
psba.gov.wales/psba-gov-wales-1/roaming2.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:41:37 2025
- Last Check
- Fri May 9 05:51:36 2025
- Next Check
- Fri May 9 06:01:36 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
psba.gov.wales/psba-gov-wales-1/NRPS: roaming3.govroam.uk
(195.194.21.203) -
Dropping Auth Requests
/
psba.gov.wales/psba-gov-wales-1/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.22 ms
- Last State Change
- Tue May 6 06:21:21 2025
- Last Check
- Fri May 9 05:51:11 2025
- Next Check
- Fri May 9 06:01:11 2025
psba.gov.wales/psba-gov-wales-1/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Tue May 6 06:21:33 2025
- Last Check
- Fri May 9 05:51:31 2025
- Next Check
- Fri May 9 06:01:31 2025
psba.gov.wales/psba-gov-wales-1/roaming3.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Tue May 6 06:19:56 2025
- Last Check
- Fri May 9 05:49:54 2025
- Next Check
- Fri May 9 05:59:54 2025
psba.gov.wales/psba-gov-wales-1/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Wed May 7 02:22:02 2025
- Last Check
- Fri May 9 05:52:00 2025
- Next Check
- Fri May 9 06:02:00 2025
psba.gov.wales/psba-gov-wales-1/roaming3.govroam.uk/
Zombie
- Output
- CRITICAL: Marked as down within the last day
- Last State Change
- Tue May 6 06:22:14 2025
- Last Check
- Fri May 9 05:50:12 2025
- Next Check
- Fri May 9 06:00:12 2025
- Meaning:
- Over the last day, the ORPS has been marked as 'down' by the NRPS. A server is marked as 'down' (or a Zombie) if it doesn't respond to an authentication query within 30s. If the ORPS is serving a Federation then the chances are that one of the Federation members isn't responding to a proxied query. If the ORPS isn't serving a Federation then it's a problem with the local configuration.
- Solution:
- An independently connected site needs to fix the configuration to ensure that the ORPS is sending a response to ALL auth requests. A Federation Operator nedds to check their logs to determine which members aren't sending responses and help them correct their configuration.
Called Station ID Check
- Output
- WARNING: 84% Lower case characters in MAC (last: 2025-05-09 05:45:44). 1% Missing SSID, as of 2025-05-08 20:27:26. 0% MAC format wrong - uses ':' not '-' as separator (last: 2025-05-08 15:32:57). 13% MAC format wrong - should use a '-' to separate hex pairs (last: 2025-05-08 20:08:53)
- Last State Change
- Tue May 6 06:11:42 2025
- Last Check
- Fri May 9 05:51:38 2025
- Next Check
- Fri May 9 06:06:37 2025
- Meaning:
- The Called-Station-ID contains the MAC address of the device the client connects to as well as, potentially, the SSID of the wireless network it connected to. The format of the MAC address is specified in RFC 3580 as 'XX-XX-XX-XX-XX-XX:SSID' with '-' being the only valid separator and all upper case. The SSID should be appended.
- Solution:
- Configure your wireless system to provide the CSI in the RFC3580 format.
Calling Station ID Check
- Output
- WARNING: 13% MAC format wrong, missing separator (last: 2025-05-08 20:08:53). 84% MAC format wrong, contains lower case (last: 2025-05-09 05:45:44). 0% MAC format wrong, does not use '-' as separator (last: 2025-05-08 15:32:57)
- Last State Change
- Tue May 6 06:10:33 2025
- Last Check
- Fri May 9 05:50:33 2025
- Next Check
- Fri May 9 06:05:32 2025
- Meaning:
- Calling Station ID identifies the device making the connection and RFC 3580 states that the format should be XX-XX-XX-XX-XX-XX (i.e. '-' separated and upper case).
- Solution:
- Configure your wireless system to use upper case and '-' separated pairs.
Operator Check
- Output
- WARNING: 100% Missing Operator-Name (last: 2025-05-09 05:45:53)
- Last State Change
- Tue May 6 06:08:43 2025
- Last Check
- Fri May 9 05:48:41 2025
- Next Check
- Fri May 9 06:03:41 2025
- Meaning:
- Operator-Name is missing from RADIUS requests. Operator-Name identifies the site sending the requests and is used by home sites in audit trails and in cases of mis-use.
- Solution:
- Where possible (FreeRADIUS, radsecproxy, RADIATOR) Operator-Name should be configured to send the site identifier (in the format 1realm.name e.g. 1holby.nhs.uk).
Realm Syntax Check
- Output
- OK: 100.0% Good syntax (last: 2025-05-09 05:38:51)
- Last State Change
- Tue May 6 06:10:18 2025
- Last Check
- Fri May 9 05:40:14 2025
- Next Check
- Fri May 9 05:55:14 2025
VLAN Check
- Output
- CRITICAL: 57% Tunnel-Type attr present (last: 2025-05-09 05:40:51). 57% Tunnel-Medium-Type attr present (last: 2025-05-09 05:40:51). 57% Tunnel-Private-Group-ID (last: 2025-05-09 05:40:51)
- Last State Change
- Tue May 6 06:09:50 2025
- Last Check
- Fri May 9 05:49:48 2025
- Next Check
- Fri May 9 06:04:47 2025
- Meaning:
- Various attributes such as Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID being sent out in responses. The 'Tunnel' attributes are commonly used to instruct wireless controllers which VLAN to place a client in. Thus if these attributes aren't filtered out then one site might be sending these attributes to another site. At best users won't be connected, at worst they'll be placed on an inappropriate VLAN.
- Solution:
- Apply filters on the RADIUS servers to restrict the attributes to just the set as specified in the Tech Spec. Both outgoing AND incoming packets need the filters applied to them for everyone's protection