Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

Troubleshooting RADIUS Operation

Symptom

Possible Cause

 

 

The switch does not receive a response to RADIUS authentication requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH).

RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

There can be several reasons for not receiving a response to an authentication request. Do the following:

Use ping to ensure that the switch has access to the configured RADIUS server.

Verify that the switch is using the correct encryption key for the designated server.

Verify that the switch has the correct IP address for the RADIUS server.

Ensure that the radius-server timeout period is long enough for network conditions.

Verify that the switch is using the same UDP port number as the server.

Use show radius to verify that the encryption key the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server- specific key. If the switch already has a server-specific key assigned to the server’s IP address, then it overrides the global key and must match the server key.

Global RADIUS Encryption Key

Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119

128