I'm having a strange issue. I'm running a 3560 8 port switch with c3560-ipbasek9-mz.122-58.SE2.bin.
Here is the relevant config:
```
ip address 172.20.40.18 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.20.40.1
aaa group server radius RADIUSGROUP
 server name RADIUS-SERVER1
aaa authentication login default group RADIUSGROUP local
radius server RADIUS-SERVER1
 address ipv4 172.20.1.2 auth-port 1812 acct-port 1813
 key 7 xxx
```
I am able to ping the radius server from the switch, so there is L3 connectivity. However, when I try to log in using my radius credentials, I get:
```
Request timed out.
00:58:35: RADIUS(00000014): Request timed out
00:58:35: RADIUS: No response from (172.20.1.2:1812,1813) for id 1645/14
00:58:35: RADIUS/DECODE: No response from radius-server; parse response; FAIL
00:58:35: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
```
A packet capture shows that pings go across, but I don't see any packets being sent at all for the radius authentication attempt.
I am not running any VRFs or packet filter ACLs.
Does anyone have any ideas?
Thank you in advance.
What radius server are you running? Could you please verify the shared-secret key on the server and switch side?
**Do rate helpful posts**
I wish it were as simple as a mismatched shared-secret. The problem is that the switch isn't even sending any packets out to the radius server AT ALL.
What radius server are you using? Some radius servers (Windows for example) do not use port 1812 and 1813 for communication, but 1645 and 1646 instead.
Could be worth checking out.
I'm sorry guys, I forgot the name of the radius server. However, I want to focus on why there is no traffic coming out of the switch when it is attempting to communicate with the radius server. I don't see any packets coming out of the switch destined for the radius server in the first place. The radius server works when I configure it on other switches. I used the exact same configuration on all the switches. They are the same model with the same firmware. I checksummed the firmware and it is good.
What are you trying to achieve? Do you want to use radius for management login to the switch?
If so, I think you must add this line:
```
aaa authorization exec default group RADIUSGROUP local
```
Hi, yes, I have that line in there as well. I'm trying to ssh into the switch and authenticate using radius. I am able to SSH in, but when I attempt to authenticate, it doesn't look like the switch is communicating with the radius server at all. A packet capture shows that there is no radius traffic. It is really strange and probably one of those rare issues. I've set up dozens of switches like this and never had any problems before.