Filter
Top Products
Troubleshooting
Unusual Network Activity
RADIUS server fails to respond to a request for service, even though
the server’s IP address is correctly configured in the switch. Use
show radius to verify that the encryption key (RADIUS secret key) the switch
is using is correct for the server being contacted. If the switch has only a global
key configured, then it either must match the server key or you must configure
a server-specific key. If the switch already has a server-specific key assigned
to the server’s IP address, then it overrides the global key and must match the
server key.
Figure C-6. Displaying Encryption Keys
Global RADIUS Encryption Key
Unique RADIUS Encryption Key
for the RADIUS server at
10.33.18.119
Also, ensure that the switch port used to access the RADIUS server is not
blocked by an 802.1X configuration on that port. For example, show port-
access authenticator < port-list > gives you the status for the specified ports.
Also, ensure that other factors, such as port security or any 802.1X configura-
tion on the RADIUS server are not blocking the link.
The authorized MAC address on a port that is configured for both
802.1X and port security either changes or is re-acquired after
execution of aaa port-access authenticator < port-list > initialize. If the port is
force-authorized with aaa port-access authenticator <port-list> control authorized
command and port security is enabled on the port, then executing initialize
causes the port to clear the learned address and learn a new address from the
first packet it receives after you execute initialize.
A trunked port configured for 802.1X is blocked. If you are using
RADIUS authentication and the RADIUS server specifies a VLAN for the port,
the switch allows authentication, but blocks the port. To eliminate this
problem, either remove the port from the trunk or reconfigure the RADIUS
server to avoid specifying a VLAN.
C-17