Dear Carlos, I have rectified the issue. Pls find the bug details associated with the existing running image in the Cisco 6509 1. Bug id:-CSCsv14886 Cause: - Failure to send RADIUS state attribute Symptom:-Switch using RADIUS for dot1x authentication is not sending RADIUS state attribute to ACS server. The ACS server discards these packets and the switch marks the server as down. Conditions: Cat6500 running 12.2(33)SXH2a using RADIUS for dot1x authentication Workaround: None 1st Fixed in Version: - 12.2(33)SXH5 2. Bud id :- CSCir00551 Cause: - Misleading radius debug message Symptom:- The "%RADIUS-4-RADIUS_ALIVE: RADIUS server 172.27.66.89:2295,2296 has returned." is a little misleading. It is not saying that the server has returned, in the Sense of being heard from. It is only saying that RADIUS has marked the server as being alive because the deadtime timer has expired, and RADIUS is willing to re-send messages to this server again. Conditions: - None Workaround: None 12.2(33)SXH4 is included in the affected version The above 2 bugs associated with the radius issue in the existing image may be the cause of Radius not working with the cores witch, As we tested TACACS+ works correctly without any issues, would recommend you to configure TACACS+ for both the core switches and also for other devices, as TACACS+ is more secure than Radius .You can Use TACACS+ with Cisco ACS.
... View more
Hi All, I have configured Radius authentication on Windows 2008 server (NPS) The following configuration is working perfectly on Cisco Switch 3560. aaa new-model aaa session-id common aaa authentication login default group radius local radius-server host 10.40.34.8 auth-port 1645 acct-port 1646 key XXX But, the same configuration is not working on Cisco Catlyst Switch 6509 (C3560-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2) Your help would be very much appreciated. Regards, Yoosaf Lulu
... View more