steve.busby Wed, 03/07/2007 - 12:10
User Badges:
  • Silver, 250 points or more

Look at your ACS failed authentication logs to determine why it's failing.


If you remove the 172.23.11.5 host, does this switch authenticate against the other servers? Check your shared key on both the ACS server (172.23.11.5) and your switch. Reenter the key on both devices to ensure there is no hidden space at the end.


HTH

Steve

steve.busby Wed, 03/07/2007 - 12:49
User Badges:
  • Silver, 250 points or more

When you have multiple authentication servers configured, Cisco IOS uses a "radius server deadtime" feature.


http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_command_reference_chapter09186a00800d9bf2.html#xtocid182015


Your IOS is doing exactly what it's designed to do:


RADIUS server 172.23.11.5:1645,1646 is not responding.

RADIUS server 172.23.11.5:1645,1646 has returned.


You need to go to the logs on the ACS server and see why this device is failing authentication.


HTH

Steve

Actions

This Discussion