Radius Server

Unanswered Question
Jun 25th, 2009

We have been getting this alarm in WCS:

Radius server '192.168.100.219'(port 1813) is deactivated.

I checked everything and it looks fine; the RADIUS server still shows as enabled and functional.

Any idea what this could be?

Thank you

Vic

ericgarnel Fri, 06/26/2009 - 06:41

1813 is the RADIUS accounting port.

Are you using 1812-1813 for RADIUS or 1645 & 1646?

So the auth is working but not accounting.

What port do you have configured on the WLCs, listed under SECURITY, AAA | RADIUS | Accounting?

Victor Fabian Fri, 06/26/2009 - 07:25

I asked a wireless Cisco engineer and he told me that this setting is OK.

This is the way I have it set up:

Authentication

10.138.10.26 1812 enable

10.138.15.129 1812 enable

Accounting

10.138.10.26 1813 enable

10.138.15.129 1813 enable

Is it OK for both servers to have the same port number?

Thank you

Vic

ericgarnel Fri, 06/26/2009 - 07:33

So you have 2 servers that do auth & acct. I notice that the error has a different IP address, 192.168.100.219. Your RADIUS is working fine because the .26 & .129 servers are handling it. Where is 192.168.100.219?

jicr Fri, 06/26/2009 - 09:39

Are your clients authenticating properly?

This message comes from a different IP address which is not configured on your controller. I also observed that it is coming on port 1813, which is normally used for accounting, so your client authentication won't be interrupted.

Can you check the output of the debug command "debug aaa events enable"? This will give you a perfect idea of what is happening.

Victor Fabian Fri, 06/26/2009 - 11:46

Sorry about that, but my colleague didn't put the real IP address and just entered a bogus one for the first posting. The ones in the last post are the real ones.

Thank you

Vic

ericgarnel Fri, 06/26/2009 - 11:52

So are you getting the error message for both RADIUS servers then? If not, I would start looking at the suspect RADIUS server and/or the network path between the source & destination.

Scott Fella Sun, 06/28/2009 - 06:55

Are you seeing any errors in the RADIUS server logs? It can be an issue with the shared secret. Do you see the error pointing to both RADIUS servers or just one? If you see this on both, you shouldn't have any users connecting. Verify the shared secret, and if you are using 63 characters, then enter the shared secret on the CLI of the WLC.
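
Added example, not part of any post in this thread: how the shared secret enters a RADIUS Accounting-Request on port 1813 (the Request Authenticator defined in RFC 2866), and why a one-character mismatch makes the server side reject the packet, which it typically does without replying. The secrets, NAS identifier and packet below are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                      # RFC 2866 packet code
NAS_IDENTIFIER, ACCT_STATUS_TYPE = 32, 40   # attribute types

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_accounting_request(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """NAS side: Request Authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    auth = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return header + auth + attributes

def authenticator_is_valid(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the hash with the locally configured secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values, not taken from the thread.
WLC_SECRET = b"example-shared-secret"
SERVER_SECRET_TYPO = b"example-shared-secret "   # trailing space on the server side
ATTRS = attr(ACCT_STATUS_TYPE, struct.pack("!I", 1)) + attr(NAS_IDENTIFIER, b"wlc-example")
PACKET = build_accounting_request(7, ATTRS, WLC_SECRET)

if __name__ == "__main__":
    for label, secret in (("matching", WLC_SECRET), ("mismatched", SERVER_SECRET_TYPO)):
        verdict = "accept, reply sent" if authenticator_is_valid(PACKET, secret) else "drop, no reply"
        print(f"server with {label} secret: {verdict}")
```

A rejected authenticator is usually logged on the RADIUS server, which is why its logs are the place to confirm or rule out a secret mismatch.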
