https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994514#M455378 <P>Try the following:</P> <P>authentication event server dead action reinitialize {ACCESS_VLAN}</P> <P>authentication event server dead action authorize voice</P> <P><A href="https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017" target="_blank" rel="noopener">https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017</A></P> <P>&nbsp;</P> Fri, 06 Dec 2019 00:31:03 GMT howon 2019-12-06T00:31:03Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3991858#M455285 <P>Currently have an issue when our edge switch reboots the authentication sessions on the switch come back with "UNKNOWN" domain.</P><P>&nbsp;</P><P>The AAA server is marked as "alive" but these auth session stay in an "UNKNOWN" Domain and failed Authentication .</P><P>Shouldn't these port "reinitialize" when the AAA server become reachable again?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture1.PNG" style="width: 746px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/62550iC74C8BD86539DCA7/image-size/large?v=v2&amp;px=999" role="button" title="Capture1.PNG" alt="Capture1.PNG" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture2.PNG" style="width: 494px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/62549iAC3067F379E33500/image-size/large?v=v2&amp;px=999" role="button" title="Capture2.PNG" alt="Capture2.PNG" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture3.PNG" style="width: 521px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/62551iB6295F63EC966846/image-size/large?v=v2&amp;px=999" role="button" title="Capture3.PNG" alt="Capture3.PNG" /></span></P> Mon, 02 Dec 2019 03:27:47 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3991858#M455285 x00008037 2019-12-02T03:27:47Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994502#M455288 <P>It may be possible that since this is due to switch reload rather than AAA down scenario, the reinitialization is not being triggered. It has been a while, but I recall suggesting to recycle the interface (shut/no shut) after such incident to get the authentication working, which can be scripted via management tool.</P> Thu, 05 Dec 2019 23:33:11 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994502#M455288 howon 2019-12-05T23:33:11Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994508#M455377 <P>Hi,</P><P>&nbsp;</P><P>thanks for the reply, but even when the radius server is marked down the session on the switch ports fail into an authorized state with DOMAIN UNKNOWN. When the server becomes reachable again the Domain stays in UNKNOWN state,</P><P>&nbsp;</P><P>Is there a mechanism to re-initilise the ports without a shut no shut? I would of though the switch port config "alive action re-initilize" as enough?</P><P>.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Dec 2019 23:53:46 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994508#M455377 x00008037 2019-12-05T23:53:46Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994514#M455378 <P>Try the following:</P> <P>authentication event server dead action reinitialize {ACCESS_VLAN}</P> <P>authentication event server dead action authorize voice</P> <P><A href="https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017" target="_blank" rel="noopener">https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017</A></P> <P>&nbsp;</P> Fri, 06 Dec 2019 00:31:03 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/3994514#M455378 howon 2019-12-06T00:31:03Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/4024701#M455379 <P>Still an issue,</P><P>&nbsp;</P><P>Ports are being marked in an UNKNOWN state when the radius server is marked DEAD. Then when radius server comes back online the DOMAIN remains in UNKNOWN state</P> Thu, 06 Feb 2020 06:46:18 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/4024701#M455379 x00008037 2020-02-06T06:46:18Z https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/5196580#M591894 <P>Did you find a resolution for the UNKNOWN state after RAIDUS servers were down?</P> Thu, 19 Sep 2024 19:53:45 GMT https://community.cisco.com/t5/network-access-control/unknown-domain-radius-server-dead/m-p/5196580#M591894 Captain82 2024-09-19T19:53:45Z