Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2476
Views
0
Helpful
4
Replies

RADIUS: id 2 State: current DEAD. Can ping but radius state shows DEAD.

getaway51
Level 2
Level 2

‎02-12-2021 07:37 AM

May I know how do i check radius server or re-initialize the whole authentication process?

RADIUS: id 2 State: current DEAD. 

I can ping clsauth2 10.4.4.2, but it shows DEAD. Wht could be the reason?

 

aaa group server radius CLS-auth
server name clsauth1
server name clsauth2
!
radius server clsauth1
address ipv4 10.4.4.1 auth-port 1812 acct-port 1813
automate-tester username dummy probe-on
key fdjfdui855345
!
radius server clsauth2
address ipv4 10.4.4.2 auth-port 1812 acct-port 1813
automate-tester username dummy probe-on
key fdjfdui855345
!
ip radius source-interface loopback 0
radius-server dead-criteria time 5 tries 2
radius-server deadtime 2
!

0 Helpful
4 Replies 4

Marcelo Morais
VIP
VIP

‎02-12-2021 10:14 AM

Hi @getaway51 

 please try the following CLI command at the 10.4.4.1:

show ports | inc 1812

 If the result of the command is empty, double check if the 10.4.4.1 is a PSN (in Administration > System > Deployment).

 

PS.: you are able to ping the 10.4.4.1, but the port 1812 may be "down" !!!

 

Hope this helps !!!

0 Helpful

MHM Cisco World
VIP
VIP

‎02-12-2021 06:03 PM

There is two thing

ping not meaning that aaa server reachable, by default ping use closet interface as source to destination and hence the router/switch

the problem is the interface sometime if different than what aaa config with this make aaa decline as dead.

solution select IP address for all radius server and it prefer to be Loopback.

second check if there is any fw that block radius port

0 Helpful

getaway51
Level 2
Level 2
In response to MHM Cisco World

‎02-12-2021 08:42 PM

Hi,

 

Thanks a lot guys for yr valuable input!!

 

It doesn't have sh ports command. but have sh ip ports. Not sure if they are the same

sh ip ports all | i 1812
udp 0.0.0.0:1812 0.0.0.0:* 932/smd
udp6 :::1812 :::* 932/smd

 

I am using the vlan IP as the source for radius

ip radius source-int vlan10

ping 10.4.4.2 so vl10-is 100% success. 

 

I think it could be firewall blocking ports 1812 and 1813. Is there any other ports 802.1x is using other than these 2 ports?

 

 

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to getaway51

‎02-13-2021 02:49 AM

Radius only use this udp ports

0 Helpful
Customers Also Viewed These Support Documents