I have five C3850. they have all the same configuration (except port configuration).
I manage them trough the management interface gi0/0
I authenticate with a Radius
On all the switches, i have configured Radius authentication . The authentication configuration is excactly the same on all the switches (see below the configuration).
HOWEVER, on two of them, they can't contact the radius server when i autheticate, and i wonder why !!!!
Of course i have tested that the switches can contact the radius server with this command : ping vrf Mgmt-vrf 10.10.0.111
I have also test that there is no issue with firewall an this test is not rejected : telnet 10.10.0.111 1812 /vrf Mgmt-vrf
End, i have monitored the traffic on gi0/0 of failed switches and i note that when i try to authenticate there is no traffic going out the gi0/0 to reach the radius server (wheras on non failed switch the traffic is gouing ou the interface)
To resume : i have the feeling that event if they have the same configuration that the others, two switches don't send radius traffic trough the gi0/0 interface
Thank you for your help or suggestions
------ CONFIGURATION -------
aaa authentication login default group radius local
aaa authorization exec default group radius local if-authenticated
aaa session-id common
vrf forwarding Mgmt-vrf
ip address 10.11.87.24 255.255.0.0
ip route vrf Mgmt-vrf 10.10.0.0 255.255.0.0 10.11.0.254
ip route vrf Mgmt-vrf 10.16.0.0 255.255.0.0 10.11.0.254
radius server XXXX
address ipv4 10.10.0.111 auth-port 1812 acct-port 1813
key 7 zzzzzzzzzz
Have you tried specifying the source interface:
! ip radius source-interface gi0/0 vrf Mgmt-vrf !
- If not yet find you may follow the test/debugging sequences from the document below :