
Packet radius capture

Dear, I have enabled AAA on my AS5400 to start clients to authenticate with softswitch and RADIUS server... I did not capture any RADIUS packet from the AS5400 at the RADIUS server... What is the problem?

aaa authentication ppp default if-needed group radius

aaa authorization network default group radius

aaa accounting network default start-stop group radius

radius-server host 55.55.55.2 auth-port 1645 acct-port 1646

radius-server timeout 50

radius-server key xxx.

thank you

Re: Packet radius capture

tareq

There are several things that might cause the symptoms that you describe. I would start with questions of IP connectivity. Is there correct IP connectivity between your AS5400 and the radius server that you have configured? A good way to test this would be a traceroute from the AS5400 to the Radius server.

If the traceroute shows correct IP connectivity then the next thing that I would suggest is the possibility that your AS5400 is sourcing the packets from an address that is different from what you expect. The partial config that you posted does not show that you are specifying the source address for the Radius packets. I would suggest that you specify the source address for Radius packets (to be whatever address you configured on the Radius server to represent the AS5400).

If specifying the source address does not improve the problem then I would suggest looking for the possibility of an access list or some other packet filtering that may not be permitting UDP ports 1645 and 1646 to pass. The output of the traceroute would give you a list of devices to check for this.

If none of these improve the problem I would look into the possibility that there is some issue on the AS5400. I wonder about the use of if-needed in the aaa authentication ppp command. Is there a possibility that clients get authenticated before the PPP session starts and therefore are not passed to Radius for authentication? To investigate this I would suggest running debug aaa authentication and perhaps debug radius authentication. Run these debugs, make some client connections, and post the debug output. Let's see if the AS5400 believes that it is sending the authentication requests.

HTH

Rick
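
Added example, not part of the original thread: a Python check for the source-address point raised in the reply above. It decodes a RADIUS datagram as it arrives at the server and compares the UDP source address and the NAS-IP-Address attribute with the client address configured on the server. The function names, the 192.0.2.x addresses and the sample packet are constructed for illustration.

```python
import ipaddress
import socket
import struct

CODES = {1: "Access-Request", 4: "Accounting-Request"}  # RFC 2865 / RFC 2866

def parse_radius(data):
    """Decode the 20-byte RADIUS header and the attribute TLVs, rejecting malformed input."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(a_type, []).append(data[pos + 2:pos + a_len])
        pos += a_len
    return {"code": CODES.get(code, f"code {code}"), "id": ident, "attrs": attrs}

def check_source(data, udp_src, expected_client):
    """Report the UDP source, NAS-IP-Address (attribute 4) and whether the
    source equals the client address configured on the RADIUS server."""
    pkt = parse_radius(data)
    raw = pkt["attrs"].get(4, [b""])[0]
    nas_ip = str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else None
    return {"code": pkt["code"], "udp_src": udp_src, "nas_ip": nas_ip,
            "client_match": udp_src == expected_client}

# Constructed sample: Access-Request, id 7, User-Name "test", NAS-IP-Address 192.0.2.10
_ATTRS = bytes([1, 6]) + b"test" + bytes([4, 6]) + ipaddress.IPv4Address("192.0.2.10").packed
SAMPLE = struct.pack("!BBH", 1, 7, 20 + len(_ATTRS)) + bytes(16) + _ATTRS

def listen(expected_client, port=1645):
    """Print one line per datagram arriving on the RADIUS auth port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        try:
            print(check_source(data, src, expected_client))
        except ValueError as exc:
            print(f"{src}: not a valid RADIUS packet ({exc})")

if __name__ == "__main__":
    print(check_source(SAMPLE, "192.0.2.99", "192.0.2.10"))  # constructed addresses
```

listen() can only bind the port while the RADIUS service itself is stopped; check_source() can instead be fed payload bytes exported from a packet capture.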
