cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31545
Views
5
Helpful
0
Comments
TCC_2
Level 10
Level 10

Core Issue:-

The messages happen when there are two servers defined and the authentication goes to the second. When you first reboot the Wireless LAN Service Module (WLSM), possibly the first server is up then at some point it is unreachable, for example, transient network condition, replication, and so forth. Thus, this results in this condition.

The exact error message looks similar to this:-

(xx)Month  (xx)Date (xx:xx:xx)Time : %RADIUS-4-RADIUS_DEAD: RADIUS server xx.xx.xx.xx:1645,1646 is not responding,

(xx)Month  (xx)Date (xx:xx:xx)Time : %RADIUS-4-RADIUS_ALIVE: RADIUS server xx.xx.xx.xx:1645,1646 has returned

The problem is observed in a sceneraio where two radius servers are configured.

Resolution

The problem is documented in Cisco bug ID CSCir00551 and Cisco bug ID CSCsh26203.

There is no authentication failure observed while the Radius dead/alive messages are still issued. It seems to be a false report. The message is an alarm that appears to be cosmetic and related to the ACS server. The problem is first found in version 2.2(1).

If you do not wish to see these messages, remove the second server. As documented in Cisco bug ID CSCsh26203, have two Microsoft Windows 2003 server with ACS 3.3(2) build two. When the WLSM points to the second radius server, infrastructure APs authenticate fine and clients are able to authenticate as well, but you possibly see the radius dead/alive messages on WLSM.

You do not see this message for the first radius server. When the first radius server is utilised, the second radius server is in idle and WLSM gets radius dead/alive messages continously.

Also, the %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.0.0.51:1812,1813 has returned. error message  is misleading. It does not say that the server has returned, and it only says that RADIUS has marked the server as alive because the deadtime timer has expired.  If nothing is configured the default is 0 seconds deadtime with no test probe. RADIUS is also able to resend messages to this server again.This error message can also occur when there is a shared key mismatch between the RADIUS and the access point (AP).

Note: Run the radius-server dead-criteria time 3 tries 3 command in order to identify a RADIUS failure.

Refer to these documents for more information:

Problem Type

Error message

Products

Wireless LAN Service Module (WLSM)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: