Radius Server configuration on Cisco L3 (CAT9K)

antonyxvr88 · ‎02-04-2021

Hi Team,

I am in the process to configure Radius server on Cisco L3 (CAT9K) switch, below is the configuration

AAA group server radius NPS_RADIUS_SERVERS
server name Mike
server name John
!
AAA authentication login default group NPS_RADIUS_SERVERS local
AAA authorization exec default group NPS_RADIUS_SERVERS local if-authenticated

radius server Mike
address ipv4 X.X.X.X AUTH-port 1812 acct-port 1813
key 7 1234
!
radius server John
address ipv4 X.X.X.X AUTH-port 1812 acct-port 1813
key 7 1234

When I execute Radius Test commands its fails stating server unresponsive.

Anyone suggest me what am I missing in the above configuration or any debug command to narrow the root cause.

Regards,

Antony Xavier

marce1000 · ‎02-04-2021

- How does it fail , or for instance show logging on the switch when the failure occurs.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

antonyxvr88 · ‎02-05-2021

Below is the output of show log,

Please note IP address:

X.X.X.X (Local System IP)

Y.Y.Y.Y (Radius Server IP of Mike)

Z.Z.Z.Z (Radius Server IP of John)

Feb 5 06:34:48.430: Radius: radius_port_info() success=0 radius_nas_port=1
Feb 5 06:34:48.430: RADIUS/ENCODE: Best Local IP-Address X.X.X.X for Radius-Server Y.Y.Y.Y
Feb 5 06:34:48.430: RADIUS(00000000): Send Access-Request to Y.Y.Y.Y:1812 id 1645/14, Len 76
RADIUS: authenticator 71 BE 7B 50 2B 28 13 77 - C2 4E 90 AC 7C 66 DE 3C
Feb 5 06:34:48.430: RADIUS: NAS-IP-Address [4] 6 X.X.X.X
Feb 5 06:34:48.430: RADIUS: NAS-Port-Type [61] 6 ASYNC [0]
Feb 5 06:34:48.430: RADIUS: User-Name [1] 26 "ABCDEF"
Feb 5 06:34:48.430: RADIUS: User-Password [2] 18 *
Feb 5 06:34:48.430: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 5 06:34:48.430: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:34:53.466: RADIUS(00000000): Request timed out!
Feb 5 06:34:53.466: RADIUS: Retransmit to (Y.Y.Y.Y:1812,1813) for id 1645/14
Feb 5 06:34:53.466: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:34:58.501: RADIUS(00000000): Request timed out!
Feb 5 06:34:58.501: RADIUS: Retransmit to (Y.Y.Y.Y:1812,1813) for id 1645/14
Feb 5 06:34:58.501: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:03.532: RADIUS(00000000): Request timed out!
Feb 5 06:35:03.532: RADIUS: Retransmit to (Y.Y.Y.Y:1812,1813) for id 1645/14
Feb 5 06:35:03.532: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:08.567: RADIUS(00000000): Request timed out!
Feb 5 06:35:08.567: RADIUS: Fail-over to (Y.Y.Y.Y:1812,1813) for id 1645/14
Feb 5 06:35:08.568: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:13.603: RADIUS(00000000): Request timed out!
Feb 5 06:35:13.603: RADIUS: Retransmit to (Z.Z.Z.Z:1812,1813) for id 1645/14
Feb 5 06:35:13.603: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:18.637: RADIUS(00000000): Request timed out!
Feb 5 06:35:18.637: RADIUS: Retransmit to (Z.Z.Z.Z:1812,1813) for id 1645/14
Feb 5 06:35:18.637: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:23.671: RADIUS(00000000): Request timed out!
Feb 5 06:35:23.671: RADIUS: Retransmit to (Z.Z.Z.Z:1812,1813) for id 1645/14
Feb 5 06:35:23.672: RADIUS(00000000): Started 5 sec timeout
Feb 5 06:35:28.713: RADIUS(00000000): Request timed out!
Feb 5 06:35:28.713: RADIUS: No response from (Z.Z.Z.Z:1812,1813) for id 1645/14
Feb 5 06:35:28.713: RADIUS: No response from server

marce1000 · ‎02-05-2021

Are the radius servers reachable from the switch ?

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

antonyxvr88 · ‎02-05-2021

Yes, I can reach Radius servers.

marce1000 · ‎02-05-2021

- Is there any activity in the logs of the radius-severs for these particular requests.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

MHM Cisco World · ‎02-05-2021

use this command

ip radius source interface

please select interface that is reachable for both server