02-09-2021 01:57 PM - edited 02-09-2021 02:10 PM
Hi Guys,
I'm wondering whether it is possible with any debug command to check which interface RADIUS packets are really going out of.
I would like to send them out from the OOB interface, so I used the "ip radius source-interface g0/0 vrf Mgmt-vrf" command. I enabled some RADIUS debug commands, but didn't find any that show which interface packets are going out of on the switch. I suspect they are going in the wrong direction, because requests time out on the switch and, based on tcpdump, they don't even arrive on the server side. (The OOB IP address and the RADIUS server's IP address are in the same VLAN/subnet; there is no firewall or filter between them.)
Software: IOS-XE 17.03.02a
Thanks!
02-09-2021 03:12 PM
First, are you able to ping the RADIUS server using the VRF interface as the source? What kind of RADIUS server is it?
The device uses the GRT routing table by default until you statically define mgmt routing towards another gateway IP.
Also, check that the RADIUS server is able to reach this VRF mgmt IP, for Layer 3 connectivity testing.
02-11-2021 12:51 AM
Yes pings worked, I tested both directions.
It's a remote lab environment with FreeRADIUS, and only the OOB interface was connected to the network. I was lucky that one of my colleagues was on site today and I asked him to patch a normal port. I changed the configuration (removed the "ip radius source interface" command) and it worked immediately.
This confirmed that the packets really didn't go in the right direction, but I don't know why.
02-11-2021 02:26 AM
If it is still an issue, can you post the config? Because if it worked when you patched to a different port, it should work as expected in the mgmt VRF. Make sure it reaches the GRT table and is able to reach FreeRADIUS.