Reset Search
 

 

Article

RADIUS requests fail to contact secondary server when primary is down

« Go Back

Information

 
TitleRADIUS requests fail to contact secondary server when primary is down
Symptoms
  • When the switch is configured with Primary and Secondary Radius server, and Netlogin is enabled for MAC and Dot1x on port 
  • Radius authentication for dot1x and MAC will be initiated to primary server.
  • When there is no reply from primary server for 3 seconds, two retries (count 1 & 2) will happen to the primary server.
  • If there are no replies from primary server, radius will switch to secondary server (count 3) and access request should happen for both dot1x & MAC. But the request is sent only for MAC (undesired behavior).
  •  When there is no reply (for count 3) from secondary server as well, radius will again switch to primary server and last retry (count 4) will happen.
  •  If there are no replies from both server, then authentication will fail.
Environment
  • Exos 15.5.2.9patch1-5
  • All Platforms
Cause
Resolution
This issue is identified and fixed via CR xos0061432
Additional notes
The below logs will appear in the switch during the authentication process:

04/22/2015 10:32:14.04 <Info:nl.ClientAuthFailure> : Authentication failed for Network Login 802.1x user Temp Mac 00:26:B9:D7:CB:56 port 3
04/22/2015 10:32:14.04 <Warn:AAA.RADIUS.noServerResp> : No servers responding
04/22/2015 10:32:13.04 <Info:nl.ClientAuthFailure> : Authentication failed for Network Login MAC user 0026B9D7CB56 Mac 00:26:B9:D7:CB:56 port 3
04/22/2015 10:32:13.04 <Warn:AAA.RADIUS.noServResp> : No response from server 10.127.5.220 trying local.
04/22/2015 10:32:13.04 <Warn:AAA.RADIUS.noServerResp> : No servers responding
04/22/2015 10:32:10.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 4
04/22/2015 10:32:10.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 4
04/22/2015 10:32:07.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 3         !!! Issue !!! Authentication should happen in secondary server !!!
04/22/2015 10:32:07.03 <Warn:AAA.RADIUS.serverSwitch> : Switch to server 10.127.5.220
04/22/2015 10:32:07.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.229 current request count is 3        
04/22/2015 10:32:07.03 <Warn:AAA.RADIUS.serverSwitch> : Switch to server 10.127.5.229
04/22/2015 10:32:04.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 2
04/22/2015 10:32:04.03 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 2
04/22/2015 10:32:01.02 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 1
04/22/2015 10:32:01.02 <Warn:AAA.RADIUS.resendPkt> : Resend request to Authentication Server address 10.127.5.220 current request count is 1
04/22/2015 10:31:58.48 <Info:vlan.msgs.portLinkStateUp> : Port 3 link UP at speed 1 Gbps and full-duplex
04/22/2015 10:31:56.08 <Info:vlan.msgs.portLinkStateDown> : Port 13 link down
 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255