Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How can I verify connections to my server on ACE-udp port

We are failing when RADIUS is trying to be implemented through a vip

server doesnt see connections

I do

show serverfarm RADIUIS

---------------------------------
                                               ----------connections-----------
      real                  weight state             current           total            failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: PRDDOMCLT02
      10.11.13.180:0        8      OPERATIONAL  0          13         0
  rserver: PRDDOMCLT01
      10.11.13.212:0        8      OPERATIONAL  0          12         0

and I can see connections on the table for the rserver, but how can i confirm what part it is used on?

These would be typical UDP Radius ports

serverfarm host RADIUS
  probe probe_service_icmp
  rserver PRDDOMCLT02
    inservice
  rserver PRDDOMCLT01

rserver host PRDDOMCLT02
  ip address 10.11.13.180
  probe probe_service_icmp
  inservice

rserver host PRDDOMCLT01
  ip address 10.11.13.212
  probe probe_service_icmp
  inservice

class-map match-all RADIUS-VIP
  2 match virtual-address 172.20.224.35 any

policy-map type loadbalance first-match RADIUS-VIP
  class class-default
    serverfarm RADIUS

class RADIUS-VIP
   loadbalance vip inservice
   loadbalance policy RADIUS-VIP
   loadbalance vip icmp-reply
   nat dynamic 2 vlan 112

interface vlan 112
  ip address 10.11.12.4 255.255.252.0
  alias 10.11.12.10 255.255.252.0
  peer ip address 10.11.12.5 255.255.252.0
  no normalization
  no icmp-guard
  access-group input any
  nat-pool 2 10.11.12.20 10.11.12.20 netmask 255.255.252.0 pat
  service-policy input VIPs
  service-policy input ALLOW_ICMP_POLICY
  no shutdown

2 REPLIES
Cisco Employee

Re: How can I verify connections to my server on ACE-udp port

You should get a sniffer trace on the vlan to see if the request comes in, if it is sent out and what the server does with it.

Gilles.

Silver

Re: How can I verify connections to my server on ACE-udp port

Are you letting traffic from the VIP through ahny firewall on the RADIUS server and is the VIP defined as a NAS in the RADIUS configuration?

Cathy

205
Views
0
Helpful
2
Replies
CreatePlease login to create content