Pls find the bug details associated with the existing running image in the Cisco 6509
1. Bug id:-CSCsv14886
Cause: - Failure to send RADIUS state attribute
Symptom:-Switch using RADIUS for dot1x authentication is not sending RADIUS state attribute to ACS server.
The ACS server discards these packets and the switch marks the server as down.
Conditions: Cat6500 running 12.2(33)SXH2a using RADIUS for dot1x authentication
1st Fixed in Version: - 12.2(33)SXH5
2. Bud id :- CSCir00551
Cause: - Misleading radius debug message
Symptom:- The "%RADIUS-4-RADIUS_ALIVE: RADIUS server 172.27.66.89:2295,2296 has returned."
is a little misleading. It is not saying that the server has returned, in the
Sense of being heard from. It is only saying that RADIUS has marked the server
as being alive because the deadtime timer has expired, and RADIUS is willing to
re-send messages to this server again.
Conditions: - None
12.2(33)SXH4 is included in the affected version
The above 2 bugs associated with the radius issue in the existing image may be the cause of Radius not working with the cores witch, As we tested TACACS+ works correctly without any issues, would recommend you to configure TACACS+ for both the core switches and also for other devices, as TACACS+ is more secure than Radius .You can Use TACACS+ with Cisco ACS.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...