Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius authentication issue: Switch is not even communicating with radius server

I'm having a strange issue.  I'm running a 3560 8 port switch with c3560-ipbasek9-mz.122-58.SE2.bin.

Here is the relevant config:

interface Vlan140

ip address 172.20.40.18 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.20.40.1

aaa new-model

aaa group server radius RADIUSGROUP

server name RADIUS-SERVER1

aaa authentication login default group RADIUSGROUP local

radius server RADIUS-SERVER1

address ipv4 172.20.1.2 auth-port 1812 acct-port 1813

key 7 xxx

-----------------------

I am able to ping the radius server from the switch so there is L3 connectivity.  However, when I try to login using my radius credentials, I get:

Request timed out.

00:58:35: RADIUS(00000014): Request timed out

00:58:35: RADIUS: No response from (172.20.1.2:1812,1813) for id 1645/14

00:58:35: RADIUS/DECODE: No response from radius-server; parse response; FAIL

00:58:35: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

A packet capture shows that pings go across, but I don't see any packets being sent at all for the radius authentication attempt.

I am not running any VRFs or packet filter ACLs.

Does anyone have any ideas?

Thank you in advance.

7 REPLIES
New Member

Radius authentication issue: Switch is not even communicating wi

By the way, I forgot to mention that I've tried it with the "ip radius source-interface" of the vlan interface but still no game.

Cisco Employee

Radius authentication issue: Switch is not even communicating wi

What radius server are you running? Could you please verify the shared-secret key on server and switch side.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Radius authentication issue: Switch is not even communicating wi

Hey Jatin,

I wish it was that simple as a mismatched shared-secret.  The problem is that the switch isn't even sending any packets out to the radius server AT ALL.

Vince

dal
New Member

Radius authentication issue: Switch is not even communicating wi

Hi.

What radius server are you using? Some radius servers (Windows for example) do not use port 1812 and 1813 for communication, but 1645 and 1646 instead.

Could be worth checking out.

- Dal

New Member

Radius authentication issue: Switch is not even communicating wi

I'm sorry guys, I forgot the name of the radius server.  However, I want to focus on why there is no traffic coming out of the switch when it is attempting to communicate with the radius server.  I don't see any packets coming out of the switch destined for the radius server in the first place.  The radius server works when I configure it on other switches.  I used the exact same configuration on all the switches.  They are the same model with the same firmware.  I checksummed the firmware and it is good.

dal
New Member

Radius authentication issue: Switch is not even communicating wi

What are you trying to achieve? Do you want to use radius for managment login into the switch?

If so, I think you must add this line:

aaa authorization exec default group RADIUSGROUP local

New Member

Radius authentication issue: Switch is not even communicating wi

Hi, yes, I have that line in there as well.  I'm trying to ssh into the switch and authenticate using radius.  I am able to SSH in, but when I attempt to authenticate, it doesn't look like the switch is communicating with the radius server at all.  A packet capture shows that there are no radius traffic.  It is really strange and probably one of those rare issues.  I've set up dozens of switch like this and never had any problems before.

644
Views
0
Helpful
7
Replies
CreatePlease login to create content