Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3594
Views
0
Helpful
5
Replies

UNKNOWN Domain radius server dead

Go to solution
x00008037
Level 1
Level 1

‎12-01-2019 07:27 PM

Currently have an issue when our edge switch reboots the authentication sessions on the switch come back with "UNKNOWN" domain.

 

The AAA server is marked as "alive" but these auth session stay in an "UNKNOWN" Domain and failed Authentication .

Shouldn't these port "reinitialize" when the AAA server become reachable again?

 

Capture1.PNGCapture2.PNG

Capture3.PNG

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee
In response to x00008037

‎12-05-2019 04:30 PM - edited ‎12-05-2019 04:31 PM

Try the following:

authentication event server dead action reinitialize {ACCESS_VLAN}

authentication event server dead action authorize voice

https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
howon
Cisco Employee
Cisco Employee

‎12-05-2019 03:33 PM

It may be possible that since this is due to switch reload rather than AAA down scenario, the reinitialization is not being triggered. It has been a while, but I recall suggesting to recycle the interface (shut/no shut) after such incident to get the authentication working, which can be scripted via management tool.

0 Helpful

Go to solution
x00008037
Level 1
Level 1
In response to howon

‎12-05-2019 03:53 PM

Hi,

 

thanks for the reply, but even when the radius server is marked down the session on the switch ports fail into an authorized state with DOMAIN UNKNOWN. When the server becomes reachable again the Domain stays in UNKNOWN state,

 

Is there a mechanism to re-initilise the ports without a shut no shut? I would of though the switch port config "alive action re-initilize" as enough?

.

 

 

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee
In response to x00008037

‎12-05-2019 04:30 PM - edited ‎12-05-2019 04:31 PM

Try the following:

authentication event server dead action reinitialize {ACCESS_VLAN}

authentication event server dead action authorize voice

https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--651964017

 

0 Helpful

Go to solution
x00008037
Level 1
Level 1
In response to howon

‎02-05-2020 10:46 PM

Still an issue,

 

Ports are being marked in an UNKNOWN state when the radius server is marked DEAD. Then when radius server comes back online the DOMAIN remains in UNKNOWN state

0 Helpful

Go to solution
Captain82
Level 1
Level 1
In response to x00008037

‎09-19-2024 12:53 PM

Did you find a resolution for the UNKNOWN state after RAIDUS servers were down?

0 Helpful
Top