cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1204
Views
0
Helpful
3
Replies
Highlighted

Catalyst 9300 RADIUS debug and show commands

Hi All,

 

I'm testing 802.1X on a Cat9300 running IOS XE 16.8.1a.

But I'm running into some 'cosmetic' issues.

  1. when running 'show aaa servers', all counters are '0'
    Is anyone else running into this?
  2. debugging RADIUS seems to have changed in IOS XE 16, now I need to run the 'show platform software trace message smd ...' command to get some visibility.
    However this does not give me the same detail i'm used to in the passed (debug radius authentication / debug radius accounting).
    Am I doing something wrong? Or are there any plans to fix this in the future?
Everyone's tags (3)
3 REPLIES 3
Enthusiast

Re: Catalyst 9300 RADIUS debug and show commands

Hi, we have this problem too and it is very frustrating as there seems the only way to debug dot1X/EAP-TLS authentication only via "set platform software trace..." and "show platform software trace message..." - this step backwards from simplicity cannot be explained to our customers.

 

Besides the image 16.6.4 just didnt work on our 9300 for dot1x authentication. We downgraded to 16.6.3 and now it mostly works, but still some dot1x authentications fail - and we can't debug correctly why, having to wireshark the problem...

Cisco why just why.... Do you really think we go DNA with this teething problems!?(Yes)

 

ps. I suggest downgrading to test counters displaying for "show aaa servers"

VIP Engager

Re: Catalyst 9300 RADIUS debug and show commands

I have not had any show stopping issues testing and running both dot1x and trustsec on the 9300's with 16.6.4. Also have many 16.6.3 3850's out in the wild, no issues with authentication or trustsec there either.

As for OP's issues with counters on 16.8, at least on the switches I have available to me running 16.6, the show aaa servers output is not zeros.
Beginner

Re: Catalyst 9300 RADIUS debug and show commands

Hi,

is there any update on that topic?

I struggle with the same thing right now.

Trying to implement our 802.1x Setup in C3PL, but can't

do helpful analyses because of this strange debug "feature".