https://community.cisco.com/t5/network-access-control/please-help-diagnose-radius-timeout/m-p/3375450#M549069 <P>I am attempting to deploy 802.1x to my VPN sites, my NPS has the ports allowed on both inbound and outbound rules.</P> <P><BR />I am using 1812 for Authentication and 1813 for accounting (although 1645, 1646 are also allows on the NPS ports)</P> <P><BR />On a Cisco 3850-48P&nbsp;(139.139.210.18) on interface G1/0/21 I have a machine and a phone.</P> <P>If I configure 802.1x here at my campus (a network which is directly connected to RADIUS I can authenticate no problems. So it is not a server issue.</P> <P>&nbsp;</P> <P>The phone is only authenticating since i have the "trust device cisco-phone" command enabled.&nbsp;</P> <P>Interface info:</P> <P>description USER_DOT1X<BR /> switchport access vlan 120<BR /> switchport mode access<BR /> switchport voice vlan 3120<BR /> trust device cisco-phone<BR /> authentication control-direction in<BR /> authentication event fail retry 3 action authorize vlan 65<BR /> authentication event server dead action authorize vlan 120<BR /> authentication event no-response action authorize vlan 67<BR /> authentication host-mode multi-domain<BR /> authentication order mab dot1x<BR /> authentication port-control auto<BR /> authentication timer restart 65535<BR /> authentication violation restrict<BR /> mab<BR /> no snmp trap link-status<BR /> dot1x pae authenticator<BR /> spanning-tree portfast</P> <P>&nbsp;</P> <P>I can ping my server (147.36.34.164), and I quadruple checked that the shared-secrets were identical.</P> <P>Once 802.1x is enabled, the debugging capture authenticates the phone due to it being a "trusted device" but still says "Check network" the machine does not authenticate. Here is my output: **I have omitted irrelevant lines**&nbsp;</P> <P>See attached for the full notepad log and other commands.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 18:54:48 GMT stevenbailor 2020-02-21T18:54:48Z https://community.cisco.com/t5/network-access-control/please-help-diagnose-radius-timeout/m-p/3375450#M549069 <P>I am attempting to deploy 802.1x to my VPN sites, my NPS has the ports allowed on both inbound and outbound rules.</P> <P><BR />I am using 1812 for Authentication and 1813 for accounting (although 1645, 1646 are also allows on the NPS ports)</P> <P><BR />On a Cisco 3850-48P&nbsp;(139.139.210.18) on interface G1/0/21 I have a machine and a phone.</P> <P>If I configure 802.1x here at my campus (a network which is directly connected to RADIUS I can authenticate no problems. So it is not a server issue.</P> <P>&nbsp;</P> <P>The phone is only authenticating since i have the "trust device cisco-phone" command enabled.&nbsp;</P> <P>Interface info:</P> <P>description USER_DOT1X<BR /> switchport access vlan 120<BR /> switchport mode access<BR /> switchport voice vlan 3120<BR /> trust device cisco-phone<BR /> authentication control-direction in<BR /> authentication event fail retry 3 action authorize vlan 65<BR /> authentication event server dead action authorize vlan 120<BR /> authentication event no-response action authorize vlan 67<BR /> authentication host-mode multi-domain<BR /> authentication order mab dot1x<BR /> authentication port-control auto<BR /> authentication timer restart 65535<BR /> authentication violation restrict<BR /> mab<BR /> no snmp trap link-status<BR /> dot1x pae authenticator<BR /> spanning-tree portfast</P> <P>&nbsp;</P> <P>I can ping my server (147.36.34.164), and I quadruple checked that the shared-secrets were identical.</P> <P>Once 802.1x is enabled, the debugging capture authenticates the phone due to it being a "trusted device" but still says "Check network" the machine does not authenticate. Here is my output: **I have omitted irrelevant lines**&nbsp;</P> <P>See attached for the full notepad log and other commands.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 18:54:48 GMT https://community.cisco.com/t5/network-access-control/please-help-diagnose-radius-timeout/m-p/3375450#M549069 stevenbailor 2020-02-21T18:54:48Z https://community.cisco.com/t5/network-access-control/please-help-diagnose-radius-timeout/m-p/3375852#M549070 <P>Your switch logs say access-reject received from RADIUS server; what do the logs in your RADIUS server say?</P> Tue, 01 May 2018 07:52:20 GMT https://community.cisco.com/t5/network-access-control/please-help-diagnose-radius-timeout/m-p/3375852#M549070 RichardAtkin 2018-05-01T07:52:20Z