VOSS: Source-IP field in RADIUS configuration on VSP not sending the configured IP address to the RADIUS Server

Symptoms
  • The VSP switch is configured with the IP address of a VLAN interface as the source IP used to reach the RADIUS server.
  • The RADIUS server receives the request from a different IP address than the one configured, so it cannot authenticate the client.
Environment
  • VOSS platform
  • VSP9000
  • ERS8800/ERS8600
  • All supported releases
Cause
  • The source-ip flag is configured, but an arbitrary VLAN interface IP is configured as the source IP instead of a Circuitless IP (CLIP) or Loopback IP.
Resolution
  • The source IP address must be a CLIP (Loopback IP) address for the RADIUS server to respond to the switch.
  • A different CLIP address can be configured for each RADIUS server.
  • Use the source IP option only for the RADIUS servers connected to the in-band network.
Additional notes
  • By default, the switch uses as the source-ip the local IP interface of the VLAN in which the RADIUS server resides or, if the server is on a different subnet, the local IP interface of the VLAN through which the packets are routed to reach the RADIUS server. This is the case whether or not source-ip is configured in the RADIUS server host configuration.
  • If a source-ip is configured and it is any other VLAN IP interface, the switch continues to use the default source IP, whether or not the sourceip-flag is enabled.
  • If the CLIP address (Loopback IP) is used as the source-ip but the sourceip-flag is not enabled, the switch still uses the default source IP.
  • If the CLIP address is used and the sourceip-flag is also enabled, the switch uses the CLIP address as the source-ip.
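
The selection rules in the notes above, modeled as an added example (not vendor code and not switch configuration) that predicts which source address the RADIUS server will see and compares it with the client address registered on the server. All function names, the `next_hop` parameter (a stand-in for the switch's routing decision) and the addresses are assumptions constructed for illustration.

```python
import ipaddress

def default_source_ip(vlan_ifaces, server_ip, next_hop=None):
    """Default from the notes: the VLAN interface on the server's subnet, else
    the VLAN interface through which packets are routed to the server."""
    targets = [ipaddress.ip_address(server_ip)]
    if next_hop:
        targets.append(ipaddress.ip_address(next_hop))
    for target in targets:              # local subnet first, then routed egress
        for iface in vlan_ifaces:
            if target in iface.network:
                return str(iface.ip)
    raise ValueError("no VLAN interface reaches the RADIUS server")

def effective_source_ip(vlan_ifaces, clip_addrs, server_ip,
                        source_ip=None, sourceip_flag=False, next_hop=None):
    """Source IP the RADIUS server will actually see."""
    # The configured source-ip is used only when it is a CLIP address AND the
    # sourceip-flag is enabled; every other combination falls back to default.
    if (sourceip_flag and source_ip
            and ipaddress.ip_address(source_ip) in clip_addrs):
        return source_ip
    return default_source_ip(vlan_ifaces, server_ip, next_hop)

def audit(registered_client_ip, **cfg):
    """Return (effective_ip, matches) for the client IP the server expects."""
    seen = effective_source_ip(**cfg)
    return seen, seen == registered_client_ip

# Constructed sample topology (documentation address ranges, not from the article).
VLANS = [ipaddress.ip_interface("192.0.2.1/26"),
         ipaddress.ip_interface("192.0.2.65/26")]
CLIPS = {ipaddress.ip_address("203.0.113.1")}
BASE = dict(vlan_ifaces=VLANS, clip_addrs=CLIPS,
            server_ip="198.51.100.10", next_hop="192.0.2.66")

if __name__ == "__main__":
    # Symptom from the article: a VLAN IP as source-ip is ignored even with the flag on.
    print(audit("192.0.2.1", **BASE, source_ip="192.0.2.1", sourceip_flag=True))
    # CLIP without the flag still falls back to the default.
    print(audit("203.0.113.1", **BASE, source_ip="203.0.113.1"))
    # CLIP with the flag enabled is honoured.
    print(audit("203.0.113.1", **BASE, source_ip="203.0.113.1", sourceip_flag=True))
```

A `False` in the second element means the address registered for the switch on the RADIUS server does not match the address the switch will send from.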
