New Member

Detect up/down radius server

Hello,

I was wondering how a switch detects when one or several RADIUS servers are down.

If I leave only one RADIUS server in a C3560-24PS (running the latest software version) and shut down all services associated with my ACS4.2 through the web interface, I receive the following error logs:

13:55:31:%RADIUS-4-RADIUS_DEAD: RADIUS server x.x.x.x:1645,1646 is not responding.
13:55:31:%RADIUS-4-RADIUS_ALIVE: RADIUS server x.x.x.x:1645,1646 is being marked alive.

Can anyone explain to me why I get such output?

Thank you for your help!

David

8 REPLIES

Re: Detect up/down radius server

Hi David,

The following are the comments for the above messages:

%RADIUS-4-RADIUS_DEAD -- A RADIUS server has not responded to repeated requests.

To verify, check whether the RADIUS server is still active.

%RADIUS-4-RADIUS_ALIVE -- A RADIUS server that previously was not responding has responded to a new request.

Hope to Help !!

Remember to rate the helpful post

Ganesh.H
New Member

Re: Detect up/down radius server

Hi,

I'm having the same issue. Is anyone able to fix the issue reported in this thread?

Thanks,

Magesh

Hall of Fame Super Silver

Re: Detect up/down radius server

Hello David,

RADIUS uses a pair of UDP ports, in your case UDP 1645 and 1646, for AAA and accounting.

The device is probably probing those ports over time according to the RADIUS server configuration, so it can detect whether services are available based on whether it receives answers from the server.

This is also what the error message decoder provides:

%RADIUS-4-RADIUS_DEAD:

RADIUS server [IP_address]:[int],[int] is not responding.

A RADIUS server has not responded to repeated requests.

Recommended Action: Check to determine if the RADIUS server is still active.

Related documents: No specific documents apply to this error message.

I think this is good news if failure detection happens when the RADIUS service is disabled on the server.

Hope to help

Giuseppe

New Member

Re: Detect up/down radius server

Thank you for your quick answers, but my problem is the fact that the switch detects the RADIUS server as back in the exact same second it became unavailable.

And in the meantime, the RADIUS server was disconnected (either by shutting down the corresponding services or by physically disconnecting the network port of the ACS server).

I don't understand how a switch can detect a RADIUS server as alive if it is certainly not. Two possibilities come to mind: either the switch thinks the RADIUS server is alive and the logging is correct, or the logging is simply buggy.

In both cases, there is a problem...

Any ideas?

David
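The pattern described in the post above (a RADIUS_ALIVE logged in the same second as the RADIUS_DEAD for the same server) can be flagged automatically in collected switch logs. The following is an added example, not code from any participant in this thread; the `HH:MM:SS:` timestamp prefix is assumed from the quoted log lines, and the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format quoted in the thread
# (192.0.2.x are documentation addresses, not real servers).
SAMPLE = [
    "13:55:31:%RADIUS-4-RADIUS_DEAD: RADIUS server 192.0.2.10:1645,1646 is not responding.",
    "13:55:31:%RADIUS-4-RADIUS_ALIVE: RADIUS server 192.0.2.10:1645,1646 is being marked alive.",
    "13:56:02:%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up",
    "14:01:10:%RADIUS-4-RADIUS_DEAD: RADIUS server 192.0.2.20:1645,1646 is not responding.",
    "14:06:10:%RADIUS-4-RADIUS_ALIVE: RADIUS server 192.0.2.20:1645,1646 is being marked alive.",
]

# Assumption: every line starts with "HH:MM:SS:" as in the thread.
LINE_RE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}):\s*"
    r"%RADIUS-4-RADIUS_(?P<state>DEAD|ALIVE): "
    r"RADIUS server (?P<server>\S+?):(?P<auth>\d+),(?P<acct>\d+)\b"
)


def parse(line):
    """Return (seconds, state, server_key), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return secs, m["state"], f'{m["server"]}:{m["auth"]},{m["acct"]}'


def suspicious_recoveries(lines, min_outage=1):
    """Return (server, dead_at, alive_at) tuples where ALIVE follows DEAD for
    the same server in under min_outage seconds (no observable outage).
    Timestamps wrapping past midnight are not handled."""
    last_dead, hits = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        secs, state, key = rec
        if state == "DEAD":
            last_dead[key] = secs
        elif key in last_dead:  # ALIVE with a pending DEAD for this server
            dead_at = last_dead.pop(key)
            if 0 <= secs - dead_at < min_outage:
                hits.append((key, dead_at, secs))
    return hits


if __name__ == "__main__":
    for server, dead_at, alive_at in suspicious_recoveries(SAMPLE):
        print(f"{server}: marked alive {alive_at - dead_at}s after marked dead")
```

Only the first server in the sample is reported; the second one stays dead for five minutes before recovering, which looks like a real outage.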

Hall of Fame Super Silver

Re: Detect up/down radius server

Hello David,

>> Thank you for your quick answers but my problem is the fact the switch detects the radius server back in the exact same second it became unavailable.

Now it is more clear and I agree this is a problem.

The result of this is the device will try to send messages to the radius server for accounting or AAA.

It should be able to detect the server failure when trying to use it.

So some resources are wasted in the attempt to contact a dead server.

Hope to help

Giuseppe

New Member

Re: Detect up/down radius server

Hello Giuseppe,

Apparently when I set the debug mode on, it seems more like a logging problem than a real confusion from the switch. Good to know but just makes things harder to debug.

Thank you for your time

New Member

Is there any update on a fix

Is there any update on a fix action?

New Member

I had the same problem when i

I had the same problem when I installed a new router in a branch.

I used a Loopback interface for the RADIUS connection:

ip radius source-interface Loopback0

But the IP address of this Loopback was routed for the RADIUS server over a different path.

Check the available route to your device where you want to be authenticated for the AAA server.

I hope that helped you!

Maksim
