06-06-2019 06:53 AM
CISCO Gurus
I currently have an older Windows 2008 Server set up as a RADIUS and all worksa well. I built a new Windows Server 2019 RADIUS Server to replace it. theyt are BOTH Virtual MAchines in a VM enbvironment. If I change the settings inside of one of my CISCOP 3750 switches to point to the new one it works fine
However if I chage the IP and name of the new one to the IP and name of the old one. it does not work. and the company wireless stops working. I am wondering if there is some cache that might have to be cleared of a MAC address or if someone had seen this before?
06-06-2019 07:09 AM
Hi there,
Since you don't explicitly mention it in your method, does the new server have the same shared RADIUS secrets for all devices as the old one?
cheers,
Seb.
06-06-2019 07:24 AM
Seb
yes, Same shared secrets as the old one
06-06-2019 07:30 AM
Sorry, should have read the first paragrpah! :)
Try clearing the ARP cache of the switch which routes the VLAN which the RADIUS server is connected to:
clear arp-cache <server_ip_address>
This will force the switch to ARP for the new server.
cheers,
Seb.
06-06-2019 07:35 AM
SEB
SO the VM infrastructiure is connected to a pair of switches that forwards traffic to a core 6509 which actually does the VLAN routing. Would clearing the cache on the switches the VM infrastructure is connected to do it, or do I actually need to clear the cache on the 6509? I don't really want to do anything on the core 6509 switches during businees hours ( I think I already know the answer, but verification from a more seasoned expert is always a plus)
06-06-2019 07:47 AM
SEB
I know that clearing the APR cache of just that IP/MAC is pretty safe, SOI if I go ahead and chanage the new server to ther IP and name of the old one. It should be safe to then clear it and wait a few minutes.
06-06-2019 08:00 AM
If the 6509 is doing the routing for the VLAN then that is where you want to issue the command.
It is worth pointing out that as soon as the 6509 receives an Ethernet frame from the new server, it will contain an IP header which it will use to automatically update the ARP cache.
Clearing a specific ARP entry forces the switch to ARP for the server when it receives a new packet destined to the server (for which it no longer has an ARP entry for).
Since you are only purging a single entry this is perfectly safe to do.
cheers,
Seb.
06-07-2019 06:00 AM
Seb or anyone
That did not wotk, I tried it twice. Could it be something else. I immediately thought the same thing. It should work
06-09-2019 11:33 PM
Can you confirm that the new server is not receiving the RADIUS packets? Running wireshark and filtering with the keyword 'radius' should tell us what we need to know. Perhaps ensure the windows firewall is disabled to rule that out.
If we see traffic incoming, then there is some sort of RADIUS service problem, if there is no traffic then we can look at running a traffic capture on the 6509 on the SVI where the RADIUS traffic is routed.
cheers,
Seb.
06-10-2019 07:03 AM
Seb
I will do so and let you know what I see
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide