The customer uses CSS for the load-balancing of Radius servers. He has the following configuration on the CSS:
service acs
ip address 10.0.252.1
active
owner vzp.cz
content acs
vip address 10.1.48.100
add service acs
balance srcip
advanced-balance sticky-srcip
active
group acs-snat
vip address 10.1.48.100
add destination service acs
portmap disable
active
He has the NAS server with IP address 10.1.48.100 defined on the ACS. He uses the same shared secret for radius on switches, CSS and ACS.
But he has the following message in the ACS:
RDS 05/03/2010 12:37:59 D 7536 5460 0x0 NAS: First Request (RequestID:Port) 96:13576 inserted to the lookup table.
RDS 05/03/2010 12:37:59 D 0302 5460 0x0 Request from host 10.1.48.100:1812 code=1, id=96, length=138 on port 2101 RDS 05/03/2010 12:37:59 E 0410 5460 0x0 Request from 10.1.48.100 contains invalid Message-Authenticator, ignoring RDS 05/03/2010 12:37:59 D 7638 5460 0x0 NAS: 10.1.48.100:13576:96 Cleaning lookup entry.
Thanks Roman