06-25-2009 05:12 AM - edited 07-03-2021 05:45 PM
We have been getting this alarm in WCS:
Radius server '192.168.100.219'(port 1813) is deactivated.
I checked and everything and it looks fine , the radius server is still shows enable and functional.
Any idea what could this be??
THank you
Vic
06-26-2009 06:41 AM
1813 radius accounting port
Are you using 1812-1813 for radius or 1645 & 1646?
So the auth is working but not accounting
what port do you have configured on the WLCs
listed under
SECURITY, AAA | RADIUS | Accounting?
06-26-2009 07:25 AM
i asked a wireless cisco engineer and he told me that this setting is ok.
This is the way i have it setup:
Authentication
10.138.10.26 1812 enable
10.138.15.129 1812 enable
accounting
10.138.10.26 1813 enable
10.138.15.129 1813 enable
Is it ok for both server to have the same port number ??
THank you
Vic
06-26-2009 07:33 AM
So you have 2 servers that do auth & acct, I notice that the error has a different ip address of 192.168.100.219. Your radius is working fine because the .26 & .129 servers are handling it. Where is 192.168.100.219
06-26-2009 09:39 AM
Whether your clients are authenticating properly???
This message comes from a different IP address which is not configured on your controller. Even i observed like it is coming on port 1813 which is normally used for accounting so your client authentication wont interrupted.
Can you check the o/p of debug command
"debug aaa events enable" this will give you a perfect idea of wht is happening
06-26-2009 11:46 AM
Sorry about that but my colleague didn't put the real ip address and he just enter a bogus one for the first posting but for the last post those are the real ones.
thank you
Vic
06-26-2009 11:52 AM
So are you getting the error message for both radius servers then? if not, would start looking at the suspect radius server and/or network path between the source & destination
06-28-2009 06:55 AM
Are you seeing any errors on the radius server logs. It can be an issue with the shared secret. Do you see the error pointing to both radius servers or just one. If you see this on both, you shouldn't have any users connecting. Verify the shared secret and if you are using a 63 characters, then enter the shared secret on the cli of the WLC.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: