Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1794
Views
0
Helpful
3
Replies

802.1x Radius Redundancy Error

Go to solution
CSCO11177789
Level 1
Level 1

‎02-06-2013 02:15 AM - edited ‎03-07-2019 11:32 AM

Hi;

We use 802.1x environment on cisco 2960 switches with windows 2003 radius server.

Switch ios :

12.2(50)SE1           C2960-LANBASEK9-M

In switch config example;

.......

interface GigabitEthernet0/9

switchport mode access

authentication port-control auto

authentication violation protect

dot1x pae authenticator

dot1x timeout server-timeout 120

dot1x timeout supp-timeout 60

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

....

ip radius source-interface Vlan1

radius-server dead-criteria time 3 tries 3

radius-server host 10.50.10.38 auth-port 1812 acct-port 1646 key xxxxx

radius-server host 10.50.10.39 auth-port 1812 acct-port 1646 key xxxxx

......

today our first radius (10.50.10.38) went down. I mean we shutdown server. But client couldnt connect the network over second one (10.50.10.39).

In logs we started to see;

%RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.

2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.

2y9w: %AUTHMGR-5-START: Starting 'dot1x' for client (0019.992f.6f3e) on Interface Gi0/21

2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.

2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.

2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.

2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.

2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.39:1812,1646 is not responding.

2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.39:1812,1646 is being marked alive.

2y9w: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.50.10.38:1812,1646 is not responding.

2y9w: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.50.10.38:1812,1646 is being marked alive.

What we supposed to do ?

Thanks

Best regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnlloyd_13
Level 9
Level 9
In response to CSCO11177789

‎02-06-2013 08:07 AM

Hi,

I'm glad to hear everything's working. Appreciate if you could rate the post and mark the thread answered.

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
3 Replies 3

Go to solution
johnlloyd_13
Level 9
Level 9

‎02-06-2013 04:49 AM

Hi,

Try to check if both C2960 and RADIUS server are configured to use the same authentication and accounting ports and key. Also ensure these ports are open in your firewall in case you're using one in your environment.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
CSCO11177789
Level 1
Level 1
In response to johnlloyd_13

‎02-06-2013 06:19 AM

Hi;

Thank you for your advise, also i made a little optimization on configs like

" radius-server deadtime 1"

after this command, client try first radius if its down then 1-2 minutes later try second one. It seems more efficiently now

Thanks

Best regards

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to CSCO11177789

‎02-06-2013 08:07 AM

Hi,

I'm glad to hear everything's working. Appreciate if you could rate the post and mark the thread answered.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card