Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1072
Views
0
Helpful
6
Replies

Cisco 3850 with Denali 16.3.6 + RADIUS

Go to solution
Jay_Work
Level 1
Level 1

‎03-11-2019 08:29 AM

Have an odd thing going on with our L3 routing switch when it comes to setting radius authentication up on it. On the other switches that are not L3 with Denali 16.3.6 authentication and logging into the switches via RADIUS works fine. However, this particular switch is for some reason not connecting back to the RADIUS server.

 

From the Switch I can:

Ping the RADIUS server - can ping the switch from the RADIUS (NPS) server

run a terminal monitor and debug radius

open another session and log in with my AD credentials. This is where it fails. The debug shows it attempting to go out to the radius server IP but then receives 3x request timed out messages.

 

Its not a routing issue as i'm able to ping from the switch and from the server.

Is there something I'm missing with this version of Denali? there is no difference with my configuration here to the other switches.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jay_Work
Level 1
Level 1
In response to balaji.bandi

‎03-11-2019 10:17 AM

Hi, managed to sort it now. I discovered the IP address of where the packets were coming from, from using the debug command and added this IP address into my NPS radius client and connection policy. It work immediately. Thankyou for your help.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-11-2019 08:46 AM

we have several 3850 in the network using ACS 5.8 (in the background with AD Credential)

did not see any issue

 

here my show version

 

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 56 WS-C3850-48P 16.3.6 CAT3K_CAA-UNIVERSALK9 INSTALL

 

show us your configuration and see what ACS logs says ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Jay_Work
Level 1
Level 1
In response to balaji.bandi

‎03-11-2019 09:07 AM

Not much to show from the debug logs other than its timing out. I just thought I would ask to see if others had an issue after upgrading to denali 16.3.6
0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Jay_Work

‎03-11-2019 09:14 AM

We use radius on Denali too no issues 16.3.7
did you diff the config after the upgrade make sure something wasnt removed
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Jay_Work

‎03-11-2019 09:21 AM

Suggest to post config from switch side, i am sure there may be some logs on ACS why it failing.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Jay_Work
Level 1
Level 1
In response to balaji.bandi

‎03-11-2019 10:17 AM

Hi, managed to sort it now. I discovered the IP address of where the packets were coming from, from using the debug command and added this IP address into my NPS radius client and connection policy. It work immediately. Thankyou for your help.
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Jay_Work

‎03-11-2019 10:20 AM

Glad to hear all working, if resolved mark as resolved so other community members can have the solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card