Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RADIUS auth-server unavailable messages

Hello,

during troubleshooting of some other WLC (WiSM2, 7.4.121.0) issues I have noticed that there is some messages like this:

hu Feb 27 15:01:11 2014    RADIUS auth-server 192.168.4.66:1812 available

1    Thu Feb 27 15:01:06 2014    RADIUS auth-server 192.168.4.66:1812 unavailable

2    Thu Feb 27 15:01:06 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 216) for client 9c:d2:4b:bd:82:fb / user '***'

3    Thu Feb 27 14:58:24 2014    RADIUS auth-server 192.168.4.66:1812 available

4    Thu Feb 27 14:58:22 2014    RADIUS auth-server 192.168.4.66:1812 unavailable

5    Thu Feb 27 14:58:22 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 128) for client 9c:d2:4b:bd:82:fb / user '***'

6    Thu Feb 27 14:57:56 2014    RADIUS auth-server 192.168.4.66:1812 available

7    Thu Feb 27 14:57:43 2014    RADIUS auth-server 192.168.4.66:1812 unavailable

8    Thu Feb 27 14:57:43 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 103) for client 9c:d2:4b:bd:82:fb / user '***'

9    Thu Feb 27 14:57:18 2014    RADIUS auth-server 192.168.4.66:1812 available

10    Thu Feb 27 14:57:12 2014    RADIUS auth-server 192.168.4.66:1812 unavailable

During that time I have ping radius server from console but it looks OK:

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >

(WiSM-slot25-1) >show time

Time............................................. Thu Feb 27 15:00:10 2014

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

(WiSM-slot25-1) >ping 192.168.4.66

Send count=3, Receive count=3 from 192.168.4.66

There is only one radius configured in WLC.

(WiSM-slot25-1) >show radius auth statistics

Authentication Servers:

Server Index..................................... 1

Server Address................................... 192.168.4.66

Msg Round Trip Time.............................. 11 (msec)

First Requests................................... 31952

Retry Requests................................... 285

Accept Responses................................. 4002

Reject Responses................................. 274

Challenge Responses.............................. 27620

Malformed Msgs................................... 0

Bad Authenticator Msgs........................... 0

Pending Requests................................. 0

Timeout Requests................................. 341

Unknowntype Msgs................................. 0

Other Drops...................................... 0

What I can do to troubleshoot this, some debug commands, timer tuning... ?

Regrds,

Mladen

2 REPLIES
Hall of Fame Super Silver

Re: RADIUS auth-server unavailable messages

You can try to tweak the timers. Take a look at this doc that Steve put together.

https://supportforums.cisco.com/docs/DOC-12110

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: RADIUS auth-server unavailable messages

that could also be load on the AAA server.  the WLC callas a radius server dead/unavailable if it doesn't respond to 3 requests for a client authetication.

You may want to also try disabling agressive failover.

config radius aggressive-failover disable.

this changes the behavior of the WLC that the AAA has to not responde to three consecutive clients before it's called dead.  but if you only have the one server it may not help too much.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
1078
Views
0
Helpful
2
Replies