Removing and adding back radius server with new key gives handle error

sajanjohn2020
Level 1

cat-switch(config)#aaa new-model
Cat-switch(config)#aaa group server radius NVDTN_SERVERS
Cat-switch(config-sg-radius)#server-private 192.168.14.10 key cisco
Private IPADDR : 192.168.14.10 Found with : handle : 00000000

I removed the aaa configuration and re-added it because the secret key had changed.
But I am unable to add it back because the server IPADDR gives a handle error.

I tried the command to clear aaa session, cache, without success.

Please advise how to clear the handle error for the associated IP address.

Thanks
Sajan

12 Replies

Devaa
Level 1

Could you please share the logs of the command below? (Mask any confidential info.)

show runn | sec radius|aaa|tacacs

 

aaa new-model
aaa group server radius RADIUS_SERVERS
server-private 192.168.11.1 key 7 abcdefg
aaa authentication login default group RADIUS_SERVERS local
aaa authentication login CONSOLE local
aaa authorization exec default group RADIUS_SERVERS local if-authenticated

Devaa
Level 1

I'm unable to replicate this. Are you able to replicate this in any other device?

Are all the devices throwing errors like this, or only a specific router / switch with a specific model or version?

Did you try deleting the aaa server group and adding it again?

no aaa group server radius RADIUS_SERVERS
aaa group server radius RADIUS_SERVERS
 server-private 192.168.11.1 key 7 abcdefg

 

Yes, I can recreate it every time. The only thing I have left to do is reboot the switch.

For some reason, removing the group server is not releasing the IP address from the aaa config.
Is there an IOS command to check whether this IP address exists in the aaa/radius cache, so that I can clear it?
Something like an IP ARP table.
 

Configure the server IP and key in global, then add the server name under the server group.

MHM

Try this please.

1) Remove the RADIUS server from the RADIUS group:

aaa group server radius NVDTN_SERVERS
   no server-private 192.168.14.10

2) Create the RADIUS server object:

radius server RADIUS-SERVER
   address ipv4 192.168.14.10
   key cisco

3) Add the newly created RADIUS server to the group:

aaa group server radius NVDTN_SERVERS
   server name RADIUS-SERVER

 

I don't know what is different from what I mentioned???

Really 

MHM

Thanks a lot for the radius server workaround. I am able to add the radius server with this IPv4 address using your workaround.

radius server RADIUS-SERVER
address ipv4 192.168.14.10 auth-port 1645 acct-port 1646
key 7 13061E010803

Is there a solution to clear the IP handle error once it appears with a private IPADDR?
What is the Cisco command to clear this private IPADDR causing the handle error?

aaa group server radius NVDTN_SERVERS
no server-private 192.168.14.10 key cisco
!

Cat-switch(config-sg-radius)#server-private 192.168.14.10 key cisco
Private IPADDR : 192.168.14.10 Found with : handle : 00000000

You are very welcome. Tbh I'm not sure what the cause of that error is, and I think it is more a software bug than anything else. If memory serves, I think I ran into a similar issue some time ago and I couldn't clear it without reloading the switch. Probably it could be resolved by removing the aaa new-model config and reapplying it, but I wouldn't recommend this as, depending on your config, you might lock yourself out of the switch. The easiest way to try to clear it would be to reload the switch when possible.

I would also recommend looking into the switch software release that you are running and checking on the Cisco software portal whether that is the latest recommended one; if not, I would probably consider upgrading to the recommended release.

Thanks, will try to reload the switch.
Maybe upgrading my switch would resolve it. Also, I have an old IOS version that needs to be upgraded. Let me know which is the latest stable IOS build to use. Is 17.3.5 a good build?

Current version below:
Switch-101-20#show version
Cisco IOS XE Software, Version 16.12.04
Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.12.4, RELEASE SOFTWARE (fc5)

Yeah the 16.12.4 is a bit old and I think the latest recommended release for the 9K switches would be 17.12.4. Take a look at this link for more details please:

Switches: Support and Downloads - Cisco
