11-10-2008 11:16 AM - edited 03-10-2019 04:10 PM
Currently I have 802.1x with ACS working to authenticate users to Active Directory. Everything is working great. I have added another ACS appliance to our configuration for failover or redundancy. But when I unplug the ACS that's working, I am unable to authenticate IP phones to the secondary ACS. I see the following failed message in the logs of the 2nd ACS:
"Authen session timed out: Challenge not provided by client"
If I run a debug on dot1x I get the following:
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1645,1646 is not responding.
3d22h: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.233.42:1645,1646 has returned.
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1812,1813 is not responding
192.168.233.42 is the unplugged ACS. It never reaches the secondary ACS.
11-10-2008 11:20 AM
Switch has the following configured:
radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 key Password!
radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 key Password!
ip radius source-interface
11-10-2008 03:39 PM
You can try below commands and see if it makes any difference.
radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 test username radius01 idle-timeout 1 key Password!
radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 test username radius02 idle-timeout 1 key Password!
HTH
MD
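An added example, not part of any post in this thread: a short Python script that compares the `radius-server host` lines with the `%RADIUS-4-RADIUS_DEAD` / `RADIUS_ALIVE` messages quoted above, to show which configured servers the switch never reported on and which logged host/port tuples do not match the posted configuration. The function names are illustrative; the config and log lines are copied from the posts.

```python
import re

# Switch configuration and debug output as posted in the thread above.
CONFIG = """\
radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 key Password!
radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 key Password!
"""
LOG = """\
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1645,1646 is not responding.
3d22h: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.233.42:1645,1646 has returned.
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1812,1813 is not responding
"""

HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)", re.M)
EVENT_RE = re.compile(r"%RADIUS-4-RADIUS_(DEAD|ALIVE): RADIUS server (\S+?):(\d+),(\d+)")


def configured_servers(config):
    """Return the set of (ip, auth_port, acct_port) tuples defined in the config."""
    return {(ip, int(a), int(c)) for ip, a, c in HOST_RE.findall(config)}


def server_events(log):
    """Return {(ip, auth_port, acct_port): [state, ...]} in log order."""
    events = {}
    for state, ip, auth, acct in EVENT_RE.findall(log):
        events.setdefault((ip, int(auth), int(acct)), []).append(state)
    return events


def failover_report(config, log):
    """Compare the servers the switch reported on with the ones it was given."""
    configured = configured_servers(config)
    events = server_events(log)
    return {
        # Last state the switch logged for each server tuple it reported on.
        "last_state": {srv: states[-1] for srv, states in events.items()},
        # Configured servers the switch never logged anything about.
        "never_seen": sorted(configured - set(events)),
        # Logged tuples that match no configured host/port combination.
        "not_in_config": sorted(set(events) - configured),
        # Both DEAD and ALIVE were logged for the same tuple.
        "flapped": sorted(s for s, st in events.items() if "DEAD" in st and "ALIVE" in st),
    }


if __name__ == "__main__":
    for key, value in failover_report(CONFIG, LOG).items():
        print(f"{key}: {value}")
```

On the posted data the report lists 192.168.233.44 under `never_seen` and the 192.168.233.42:1812,1813 tuple under `not_in_config`.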