01-13-2023 06:56 AM
Some RADIUS Clients are authenticating Network 137......
Clients not authenticating Network 132....
raul.sambula.ctr@us.af.mil
01-18-2023 04:18 PM
radius-server timeout <<- can you change this timeout
The retransmit meaning and all you mentioned before about many hops to the server lead me to think that there is an issue with the SW-Server timeout, and the debug shows us that,
so please make the timeout long enough.
01-13-2023 07:02 AM
I don't get it?
01-13-2023 09:09 AM
Different network than RADIUS Server. RADIUS Server is in network 137. But I'm able to ping from Network 132; however Clients from that network got Access Denied.
raul_sambula@yahoo.com
01-13-2023 09:19 AM
The client is not directly connected to the RADIUS server;
the SW or router is connected to RADIUS. The question is: what service do you run here?
01-13-2023 09:45 AM
Hello,
Post a diagram of your topology showing what devices are involved, and how the devices are connected.
01-13-2023 12:17 PM
01-13-2023 02:03 PM
This is a connectivity issue between the SW and the AAA server.
Do this:
ping <AAA IP > source <VLAN IP>
Check if the ping is OK; if not, I think you need to
1- specify the source of AAA packets in the SW
2- configure the default GW in the SW
or
3- configure a static route for the server.
Last point: how do you configure two links to the server via VLAN 99 while at the same time each VLAN has a different subnet?
01-13-2023 02:42 PM
I'm able to ping from source to Server. Both subnets belong to the same domain.
01-13-2023 02:43 PM
And same radius group
01-13-2023 02:46 PM
Can I see the successful ping? What command did you use?
01-13-2023 06:37 PM
ping from Sw 137...
ping 137....
Type escape sequence...
sending 5, 100-byte ICMP Echos to .... timeout is 2s
success rate is 100 percent (5/5).... 1/1/1 ms
ping from Sw 132
ping 132....
same result difference is at the end 76/76/77 ms
01-14-2023 01:55 AM
Yes, but I suggest using source with ping.
This source is the same IP you added in the AAA server.
This makes us sure that there is a connection between the specific VLAN and the server.
01-14-2023 03:21 AM
Yes. VLan99 is the management VLan and when I ssh to it, I use that source IP
01-14-2023 06:46 AM
I made a small lab.
The TACACS server has the SW VLAN 99 SVI IP added as the device IP.
Now you can see that the ping from the SW to the server is successful,
but the ping with source VLAN 99 failed!!
So check:
Is the SW an L3 SW via the ip routing command?
Does the SW use a separate router for inter-VLAN?
01-14-2023 07:33 AM
ping from source VLan99 was a success.
SW are C9300s so they're L3. We're not using ip routing for RADIUS