02-06-2013 02:15 AM - edited 03-07-2019 11:32 AM
Hi;
We use an 802.1x environment on Cisco 2960 switches with a Windows 2003 RADIUS server.
Switch IOS:
12.2(50)SE1 C2960-LANBASEK9-M
Switch config example:
.......
interface GigabitEthernet0/9
switchport mode access
authentication port-control auto
authentication violation protect
dot1x pae authenticator
dot1x timeout server-timeout 120
dot1x timeout supp-timeout 60
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
....
ip radius source-interface Vlan1
radius-server dead-criteria time 3 tries 3
radius-server host 10.50.10.38 auth-port 1812 acct-port 1646 key xxxxx
radius-server host 10.50.10.39 auth-port 1812 acct-port 1646 key xxxxx
......
Today our first RADIUS server (10.50.10.38) went down; I mean we shut down the server. But the client couldn't connect to the network over the second one (10.50.10.39).
In the logs we started to see:
%RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.
2y9w: %AUTHMGR-5-START: Starting 'dot1x' for client (0019.992f.6f3e) on Interface Gi0/21
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.
What are we supposed to do?
Thanks
Best regards
02-06-2013 04:49 AM
Hi,
Try to check if both the C2960 and the RADIUS server are configured to use the same authentication and accounting ports and key. Also ensure these ports are open in your firewall in case you're using one in your environment.
Sent from Cisco Technical Support iPad App
02-06-2013 06:19 AM
Hi;
Thank you for your advice. I also made a little optimization to the configs, like
"radius-server deadtime 1"
After this command, the client tries the first RADIUS server; if it's down, then 1-2 minutes later it tries the second one. It seems more efficient now.
Thanks
Best regards
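A way to spot the dead/alive flapping shown in the log above from collected switch syslog, as an added example that is not part of the original thread: it counts DEAD-to-ALIVE cycles per RADIUS server. The function names, the `min_cycles` threshold and the 192.0.2.10 sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines in the format of the thread's log excerpt; the 192.0.2.10 entry is
# constructed here to show a server that goes dead and stays dead.
SAMPLE_LOG = """\
%RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.
2y9w: %AUTHMGR-5-START: Starting 'dot1x' for client (0019.992f.6f3e) on Interface Gi0/21
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.
2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.
2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.0.2.10:1812,1646 is not responding.
"""

# Matches the two RADIUS state messages and captures "ip:authport,acctport".
EVENT_RE = re.compile(
    r"%RADIUS-4-RADIUS_(?P<state>DEAD|ALIVE): RADIUS server "
    r"(?P<server>\d{1,3}(?:\.\d{1,3}){3}:\d+,\d+) "
)

def radius_health(log_text, min_cycles=2):
    """Per server: count DEAD->ALIVE cycles and record the last state seen."""
    last, cycles = {}, defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated messages such as %AUTHMGR-5-START
        server, state = m["server"], m["state"]
        if state == "ALIVE" and last.get(server) == "DEAD":
            cycles[server] += 1  # one complete dead -> alive cycle
        last[server] = state
    return {
        s: {"cycles": cycles[s], "last": last[s], "flapping": cycles[s] >= min_cycles}
        for s in last
    }

def flapping_servers(log_text, min_cycles=2):
    """Servers that were repeatedly marked dead and then alive again."""
    report = radius_health(log_text, min_cycles)
    return sorted(s for s, r in report.items() if r["flapping"])

if __name__ == "__main__":
    for server, r in radius_health(SAMPLE_LOG).items():
        print(server, r)
```

Every configured server cycling between dead and alive, including one known to be shut down, is the pattern in the original post before `radius-server deadtime 1` was added.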
02-06-2013 08:07 AM
Hi,
I'm glad to hear everything's working. Appreciate if you could rate the post and mark the thread answered.
Sent from Cisco Technical Support iPad App