Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1270
Views
0
Helpful
9
Replies

fast Ethernet 0 fails as a radius source interface

SMD28316
Level 1
Level 1

‎09-14-2021 11:54 AM

I am trying to test radius connection, I have a simple AAA setup to authenticate with Dot1X, First I used VLAN1 as a source-interface which worked, then tested changing to fastethernet0 on two 2960X switches and RADIUS is starting to fail on one of them.

I checked the interfaces properties and I can see that the "bad" switch has 0 hits on cache, diff output:

    FastEthernet0-Physical buffers, 1524 bytes (total 32, permanent 32):^M
          24 in free list (0 min, 32 max allowed)^M
          8 hits, 0 fallbacks^M
          8 max cache size, 8 in cache^M
    -     0 hits in cache, 0 misses in cache
    +     70223883 hits in cache, 0 misses in cache

Is this related to my issue? how do I troubleshoot this?

Labels:
0 Helpful
9 Replies 9

Georg Pauwen
VIP
VIP

‎09-14-2021 12:03 PM

Hello,

 

on the 2960X, the FastEthernet0 is what, a layer 2 or layer 3 interface ?

0 Helpful

SMD28316
Level 1
Level 1
In response to Georg Pauwen

‎09-14-2021 12:07 PM - edited ‎09-14-2021 12:09 PM

layer 3 interfaces, config:

interface FastEthernet0
description MGMT-int
- ip address <ip_address> 255.255.255.0
description MGMT-int
+ ip address <ip_address> 255.255.255.0
no ip route-cache
0 Helpful

SMD28316
Level 1
Level 1
In response to SMD28316

‎09-14-2021 12:08 PM

- is for the bad switch and the + is for the good switch, the other lines are shared

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-14-2021 12:17 PM

what was the VLAN 1 IP addres that worked ? have you assigned same Address to FastEthernet 0 ? where is radius server what IP address ?

 

If you make fast 0 is  router interface, that should be up and running ? ( what port it connected other side ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SMD28316
Level 1
Level 1
In response to balaji.bandi

‎09-14-2021 12:29 PM 

interface Vlan1
- no ip address
+ ip address <IP_ADDR> 255.255.0.0
shutdown

Fast etherenet 0 on the BAD switch has an IP address different from the VLAN 1, is this an issue? since VLAN1 is down on both switches.

 

and radius server is a standalone ISE node that I use for my experiments.

 

" If you make fast 0 is  router interface, that should be up and running ? ( what port it connected other side ?) " I don't understand the question, you mean make the interface a layer 3 interface? because it already is.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to SMD28316

‎09-14-2021 12:38 PM

when you configure Fas 0 IP address, is the interface up or down ?

if that is different IP address, using that source IP are you able to reach ISE ?

 

post the full configuration to understand (rather - and + it confusing here)

 

 

" If you make fast 0 is  router interface, that should be up and running ? ( what port it connected other side ?) " I don't understand the question, you mean make the interface a layer 3 interface? because it already is.

if the interface not connected, how will the interface up, and IP address will be active ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SMD28316
Level 1
Level 1
In response to balaji.bandi

‎09-14-2021 12:47 PM

FastEthernet is up on both switches, I didn't check if ISE is reachable via fast ethernet 0, can I ping with specifying the interface?

 

the configuration for both interfaces:

interface FastEthernet0
description MGMT-BAD
ip address <IP_ADDR> 255.255.255.0
no ip route-cache

interface FastEthernet0
description MGMT-GOOD
ip address <IP_ADDR> 255.255.255.0
no ip route-cache
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to SMD28316

‎09-14-2021 01:02 PM - edited ‎09-14-2021 01:02 PM

we need to know what is Good IP full (hope that is private IP so that not secret right ?) what is ISE IP address

 

try ping x.x.x.x(ise ip ) source fast0  see if that works ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎09-15-2021 12:14 PM - edited ‎09-15-2021 12:15 PM

You tested radius and it worked using the IP of vlan 1. Then you changed and used the IP of fasteth0. Was the IP address the same address as vlan 1 or a different address? If you used a different IP address does the radius server have the new IP configured as a client?

If you used the same IP address on both interfaces then the results of ping to the radius address using the source as fasteth0 would be interesting.

If the ping is not successful then it might be helpful to see the output of show ip interface brief and of show ip route from the switch (and an indication of the IP address of radius).

It might also be helpful to check the logs of the radius server. Does it see the request from your switch? Does it think it responded to your switch?

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents