
June 29th, 2017 01:00

PowerConnect 5548P: Radius API returned error

Hi,

For a few months, I have been working to deploy the 802.1X security protocol on our enterprise wired network. It works well, but for the past two weeks one of our switches has no longer been able to authenticate users.

It's a DELL PowerConnect 5548p - firmware version 4.1.0.20

I get the same message in the logs on every attempt:

Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC was rejected on port gi1/0/1 because Radius API returned error (e.g. No Radius server is configured)

However, the RADIUS servers are configured, they can be pinged and the servers are OK: they work well with other switches.

show radius-servers

  IP address    Port  port  Time-   Ret-  Dead-     source IP    Prio. Usage
                Auth  Acct  Out     rans  Time
--------------- ----- ----- ------ ------ ------ --------------- ----- -----
    1812  1813  Global Global Global     Global        0    all
    1812  1813  Global Global Global     Global        1    all

Global values
--------------
TimeOut : 1
Retransmit : 4
Deadtime : 10
Source IP : 0.0.0.0
Source IPv6 : ::

I tried removing and re-adding the servers and rebooting the switches: no better.

Do you have any idea?

 

Ch.

Moderator

 • 

8.5K Posts

June 30th, 2017 10:00

It may not be rechecking, can you reboot the switch?

Moderator

 • 

8.5K Posts

June 29th, 2017 12:00

Hi,

Does radius work still even though you get the message? Is the radius server on the same VLAN? It does look like the source ip is missing, that should have a value. 

6 Posts

June 30th, 2017 01:00

Thanks for your message.

Yes, the RADIUS servers are still up (working for other switches on the network), but there isn't any message in the Windows Event Viewer for this switch.

They are on the same VLAN. As for the output of the show radius-servers command, I just changed the IPs of the servers (I edited the previous post to simplify).

It looks like the switch thinks there is no RADIUS server in the config, whereas they are there. Does the switch have a cache and, because of the timeout, think the servers are still down?

Thanks

Ch.

6 Posts

July 3rd, 2017 08:00

I tried rebooting on the first day, but without success. The switch is used in production, so we'll reboot it tonight.

Similarly, this weekend, another 5548p switch with port control got the same trouble:

DELL PowerConnect 5548p - firmware version 4.1.0.16

Whereas the other 2048p switches still work well.

With two switches affected, maybe the configuration is the source of the trouble?

aaa authentication dot1x default radius
radius-server host key
radius-server host key priority 1
radius-server retransmit 4
radius-server timeout 1
radius-server deadtime 10
dot1x system-auth-control

 

And for a port:

interface gigabitethernet 1/0/1
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x port-control auto

Does it look good, or did I forget something?

Ch.
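Added example, not part of the original thread and not Dell tooling: a small audit that checks a saved running-config for the global 802.1X/RADIUS commands quoted in the post above and lists the global lines that differ between a working and a failing switch. It assumes the `radius-server host <address> key <key>` form (the post omits the address and key), `exit` or `!` as interface block terminators, and uses constructed placeholder addresses and key.

```python
import re
# Global commands the 802.1X setup quoted in the post relies on.
REQUIRED = {
    "aaa authentication dot1x": re.compile(r"^aaa authentication dot1x default radius\b"),
    "radius-server host with key": re.compile(r"^radius-server host \S+ .*\bkey \S+"),
    "dot1x system-auth-control": re.compile(r"^dot1x system-auth-control\b"),
}

def parse_config(text):
    """Split a running-config into global lines and per-interface blocks."""
    globals_, ports, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line in ("exit", "!"):
            current = None          # assumed block terminators
        elif line and current is not None:
            ports[current].append(line)
        elif line:
            globals_.append(line)
    return globals_, ports

def audit(text):
    """List gaps that would leave dot1x ports with no usable RADIUS setup."""
    globals_, ports = parse_config(text)
    findings = [f"missing global: {name}" for name, rx in REQUIRED.items()
                if not any(rx.search(g) for g in globals_)]
    incomplete = bool(findings)
    for port, lines in ports.items():
        if incomplete and "dot1x port-control auto" in lines:
            findings.append(f"{port}: port-control auto, global setup incomplete")
    return findings

def compare(good, bad):
    """Global lines present on only one switch (working vs failing)."""
    g, b = (set(parse_config(t)[0]) for t in (good, bad))
    return sorted(g - b), sorted(b - g)

# Constructed sample configs: addresses and key are placeholders.
GOOD = """\
aaa authentication dot1x default radius
radius-server host 192.0.2.10 key EXAMPLE-KEY
dot1x system-auth-control
interface gigabitethernet 1/0/1
dot1x port-control auto
exit
"""
BAD = GOOD.replace("dot1x system-auth-control\n", "")
```

An empty result from `audit` only rules out a configuration gap; it says nothing about why a switch with a complete configuration sends no RADIUS traffic.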

Moderator

 • 

8.5K Posts

July 5th, 2017 10:00

You may want to try to increase the timeouts. 

6 Posts

July 11th, 2017 01:00

Hi,

I reset the timeout to the default value (3) and reduced the deadtime (5).

During the previous nights, I removed all RADIUS configuration on the two switches, rebooted them and re-enabled the security configuration.

Finally, the first switch works well again, unlike the second, which still has the same trouble (a few more reboots didn't work either).

 

I don't know what more to do T-T

Ch.

Moderator

 • 

8.5K Posts

July 11th, 2017 11:00

So the first switch is still working after the reset but the second one still isn’t? What are you using for your radius server?

6 Posts

July 17th, 2017 06:00

Exactly, the first switch is working now after the reboot, but the second is not.

My radius server is a VM running Windows Server 2016 Standard with NPS.

Ch.

Moderator

 • 

8.5K Posts

July 17th, 2017 10:00

Can you check the Windows event logs and see if there are any RADIUS errors? https://technet.microsoft.com/en-us/library/cc735406(v=ws.10).aspx

6 Posts

July 18th, 2017 01:00

I see no RADIUS errors in the Windows event logs.

To be sure, I used Wireshark to check. There is no communication between the switch and the server during the port authentication. But the ping works and I see it in Wireshark.

Ch.

Moderator

 • 

8.5K Posts

July 18th, 2017 11:00

Can you private message me the show tech-support for the two switches so we can compare?
