11-01-2013 09:57 AM - edited 03-10-2019 09:03 PM
I'm having a strange issue. I'm running a 3560 8 port switch with c3560-ipbasek9-mz.122-58.SE2.bin.
Here is the relevant config:
interface Vlan140
 ip address 172.20.40.18 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.20.40.1
aaa new-model
aaa group server radius RADIUSGROUP
 server name RADIUS-SERVER1
aaa authentication login default group RADIUSGROUP local
radius server RADIUS-SERVER1
 address ipv4 172.20.1.2 auth-port 1812 acct-port 1813
 key 7 xxx
-----------------------
I am able to ping the radius server from the switch so there is L3 connectivity. However, when I try to login using my radius credentials, I get:
Request timed out.
00:58:35: RADIUS(00000014): Request timed out
00:58:35: RADIUS: No response from (172.20.1.2:1812,1813) for id 1645/14
00:58:35: RADIUS/DECODE: No response from radius-server; parse response; FAIL
00:58:35: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
A packet capture shows that pings go across, but I don't see any packets being sent at all for the radius authentication attempt.
I am not running any VRFs or packet filter ACLs.
Does anyone have any ideas?
Thank you in advance.
11-01-2013 10:00 AM
By the way, I forgot to mention that I've tried it with the "ip radius source-interface" of the vlan interface but still no game.
11-01-2013 01:48 PM
What radius server are you running? Could you please verify the shared-secret key on server and switch side.
~BR
Jatin Katyal
**Do rate helpful posts**
11-01-2013 02:10 PM
Hey Jatin,
I wish it was as simple as a mismatched shared-secret. The problem is that the switch isn't even sending any packets out to the radius server AT ALL.
Vince
11-02-2013 02:38 AM
Hi.
What radius server are you using? Some radius servers (Windows for example) do not use port 1812 and 1813 for communication, but 1645 and 1646 instead.
Could be worth checking out.
- Dal
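One way to check which of the two port pairs mentioned in the reply above a RADIUS server answers on, as an added example that is not part of the thread. The function names and probe credentials are assumptions, and it has to be run from a host the server already knows as a RADIUS client:

```python
import hashlib, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator=None):
    """Return a minimal Access-Request: header, User-Name (1), User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for attr_type, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def probe(server, secret, ports=(1812, 1645), timeout=2.0):
    """Send one Access-Request per port and report what, if anything, answers.

    Any reply, even Access-Reject, shows the server listens on that port.
    A server silently discards requests from hosts that are not configured
    as clients, so run this from a host the server knows.
    """
    results = {}
    for ident, port in enumerate(ports, start=1):
        packet = build_access_request(b"probe-user", b"probe-pass", secret, ident)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(packet, (server, port))
                reply, _ = sock.recvfrom(4096)
                results[port] = CODES.get(reply[0], f"code {reply[0]}")
            except socket.timeout:
                results[port] = "no response"
            except OSError as exc:
                results[port] = f"socket error: {exc}"
    return results

if __name__ == "__main__":
    # Server address from the thread; the shared secret is a placeholder.
    print(probe("172.20.1.2", b"REPLACE-WITH-SHARED-SECRET"))
```
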
11-02-2013 09:20 AM
I'm sorry guys, I forgot the name of the radius server. However, I want to focus on why there is no traffic coming out of the switch when it is attempting to communicate with the radius server. I don't see any packets coming out of the switch destined for the radius server in the first place. The radius server works when I configure it on other switches. I used the exact same configuration on all the switches. They are the same model with the same firmware. I checksummed the firmware and it is good.
11-02-2013 04:09 PM
What are you trying to achieve? Do you want to use radius for management login into the switch?
If so, I think you must add this line:
aaa authorization exec default group RADIUSGROUP local
11-06-2013 03:01 PM
Hi, yes, I have that line in there as well. I'm trying to ssh into the switch and authenticate using radius. I am able to SSH in, but when I attempt to authenticate, it doesn't look like the switch is communicating with the radius server at all. A packet capture shows that there is no radius traffic. It is really strange and probably one of those rare issues. I've set up dozens of switches like this and never had any problems before.