Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1732
Views
5
Helpful
2
Replies

AAA server both down but some host in

getaway51
Level 2
Level 2

‎02-12-2021 09:36 PM

Hi,

 

Currently both AAA radius server is DOWN but there are some hosts in Status: Unauthorized.

As I know, when all AAA servers down, all hosts should be in Status: Authorized.

May I know is it the config issue here? Wht I worried is tht when the host is in Unauth as below during AAA server down, it will be BLOCKED in CLOSED mode. Is there any reason why hosts in Unauth and not Auth when AAA both down? The host below shown Auth. 

 

CLS901#sh auth ses

Gi1/0/26 0077.4355.f2f2 dot1x UNKNOWN Unauth AC3EAS040000000B566B3CAD
Gi1/0/46 bc26.df56.9cfc mab UNKNOWN Auth AC3AS040000000C855B50FC

0 Helpful
2 Replies 2

martin.fischer
Level 1
Level 1

‎02-15-2021 02:40 AM

Hi @getaway51 

Can you provide the configuration of the interface and if IBNS 2.0 is used also the configuration of the policy-map which is attached to the interface?

Mohammed al Baqari
Level 11
Level 11

‎02-15-2021 03:20 AM

Hi,

If all AAA servers are down then all your ports will be Unauth. This is
expected. To overcome this you need to configure critical VLAN/ACL. Another
option is to tune your pre-auth ACL to be in half-monitor mode (i.e. some
important traffic already allowed by pre-auth ACL).

***** please remember to rate useful posts
0 Helpful
Customers Also Viewed These Support Documents