C-14
Troubleshooting
Unusual Network Activity
Radius-Related Problems
The switch does not receive a response to RADIUS authentication
requests. In this case, the switch will attempt authentication using the
secondary method configured for the type of access you are using (console,
Telnet, or SSH).
There can be several reasons for not receiving a response to an authentication
request. Do the following:
■ Use ping to ensure that the switch has access to the configured RADIUS
server.
■ Verify that the switch is using the correct encryption key for the desig-
nated server.
■ Verify that the switch has the correct IP address for the RADIUS server.
■ Ensure that the radius-server timeout period is long enough for network
conditions.
■ Verify that the switch is using the same UDP port number as the server.
RADIUS server fails to respond to a request for service, even though
the server’s IP address is correctly configured in the switch. Use
show radius to verify that the encryption key the switch is using is correct for
the server being contacted. If the switch has only a global key configured, then
it either must match the server key or you must configure a server-specific
key. If the switch already has a server-specific key assigned to the server’s IP
address, then it overrides the global key and must match the server key.
Figure C-4. Examples of Global and Unique Encryption Keys
Global RADIUS Encryption Key
Unique RADIUS Encryption Key
for the RADIUS server at
10.33.18.119