Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2285
Views
0
Helpful
7
Replies

Switch Login Super Slow and Radius Not Working

PolarPanda
Level 1
Level 1

‎12-24-2019 08:29 AM - edited ‎12-24-2019 08:46 AM

Hi there,

 

       Usually, after I entered login info, It took like 1 sec to login. But after my cowork enable ssh v2 to login switch remotely, my domain network admin account cannot be login anymore. According to debug info, it kept to timeout by radius. It was normal to login switch via telnet. The domain network admin user is authenticated by radius server.  When I tried to use local user account to login switch, it took me almost 20 second to login (it's 1  sec beofre). so the issues I have now are 1. radius server not response 2. it takes too long login the switch. Can someone explain the potential causes for both issues? Thank you. 

Labels:
0 Helpful
7 Replies 7

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-24-2019 08:45 AM

Hi,

What happens if you disable SSH completely? Does it go back to normal login (1 sec)?

Sometimes, enabling different features triggers a bug and if you disable and than enable it again, it goes away. If it persist after enabling it again, it may be bug in the IOS you are running. 

HTH

0 Helpful

PolarPanda
Level 1
Level 1
In response to Reza Sharifi

‎12-24-2019 02:39 PM

Thank you. I can try it later.

0 Helpful

Oleg Volkov
Spotlight
Spotlight

‎12-24-2019 01:47 PM

Can You share:

 

sh run | inc aaa

sh run | sec line

 

 

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

PolarPanda
Level 1
Level 1
In response to Oleg Volkov

‎12-24-2019 02:40 PM

sh run | i aaa
aaa new-model
aaa authentication login default group radius local
aaa authentication login console local
aaa authorization exec default group radius local
aaa session-id common

 

sh run | sec line
line con 0
password 7 xxxxxxxx
transport preferred none
stopbits 1
line aux 0
transport input all
stopbits 1
line vty 0 4
password 7 xxxxxxxx
transport preferred none
transport input ssh
line vty 5 15

0 Helpful

Georg Pauwen
VIP
VIP

‎12-24-2019 02:50 PM

Hello,

 

have you tried to reload the switch ? 

0 Helpful

paul driver
VIP
VIP

‎12-24-2019 03:52 PM

Hello

Have you tried setting the Radius timeout to a low value

radius-server timeout xxx


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎12-26-2019 11:02 AM

There are things about this environment that we do not know and that prevents us from being able to fully explain the issues. Was authentication using Radius added as part of implementing SSHv2? Does the Radius server respond to the switch for anything?

 

I believe that we can explain the delay when you attempt to login using the local account. In the partial config that was posted we see this

aaa authentication login default group radius local

This says that for any authentication try the Radius server first and if it does not respond then use local authentication. So when you attempt to login using the local account it first sends its request to the Radius server. Then it waits for a response. If the Radius server does not respond the switch waits for the timeout interval before it then uses authentication with the local user ID and password. 

 

HTH

 

Rick

 

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card