tareq

There are several things that might cause the symptoms that you describe. I would start with questions of IP connectivity. Is there correct IP connectivity between your AS5400 and the radius server that you have configured? A good way to test this would be a traceroute from the AS5400 to the Radius server.

If the traceroute shows correct IP connectivity then the next thing that I would suggest is the possibility that your AS5400 is sourcing the packets from an address that is different from what you expect. The partial config that you posted does not show that you are specifying the source address for the Radius packets. I would suggest that you specify the source address for Radius packets (to be whatever address you configured on the Radius server to represent the AS5400).

If specifying the source address does not improve the problem then I would suggest looking for the possibility of an access list or some other packet filtering that may not be permitting UDP ports 1645 and 1646 to pass. The output of the traceroute would give you a list of devices to check for this.

If none of these improve the problem I would look into the possibility that there is some issue on the AS5400. I wonder about the use of if-needed in the aaa authentication ppp command. Is there a possibility that clients get authenticated before the PPP session starts and therefore are not passed to Radius for authentication. To investigate this I would suggest run debug aaa authentication and perhaps debug radius authentication. Run these debugs, make some client connections, and post the debug output. Lets see if the AS5400 believes that it is sending the authentication requests.

HTH

Rick