Cisco Bug: CSCvh78701 - Sometimes radius server failed

Last Modified

Sep 20, 2018

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

7.0(3)I7(2)

Description (partial)

Symptom:
I upgraded N9K from 7.0(3)I5(1) to 7.0(3)I7(2). Sometimes the RADIUS server failed. This issue causes SSH authentication with AAA to fail. I captured the RADIUS logs below.

Radius logs in 7.0(3)I7(2):
%RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking up IP address for RADIUS server 9.0.2.123
%RADIUS-5-RADIUS_SERVER_STATUS: RADIUS server 9.0.2.123 with auth-port 1645 and acct-port 1646 status has changed from ALIVE STATE to DEAD STATE. Server was in previous-state for 0 hrs, 3 min, 1 sec, and total dead time of the server is 4 hrs, 51 min, 18 sec
%RADIUS-5-RADIUS_MONITOR_STATUS: Radius server 9.0.2.123 with auth-port 1645 and acct-port 1646 is now being monitored for interval 3 minutes. The server is currently marked DEAD
%RADIUS-3-RADIUS_ERROR_MESSAGE: All RADIUS servers failed to respond after retries.

I removed "aaa accounting default group east" in 7.0(3)I7(2) and didn't get the same radius logs.

Then I downgraded N9K from 7.0(3)I7(2) to 7.0(3)I5(1). I didn't capture the same radius logs in 7.0(3)I5(1).
	
Radius logs in 7.0(3)I5(1):
<187>: 2018 Jan 30 15:50:45.239950 EST: %RADIUS-3-RADIUS_ERROR_MESSAGE: Dropping response (packet ID 25) from server 9.0.2.123
<187>: 2018 Jan 30 15:50:45.245313 EST: last message repeated 1 time
<187>: 2018 Jan 30 15:50:45.245325 EST: %RADIUS-3-RADIUS_ERROR_MESSAGE: Dropping response (packet ID 23) from server 9.0.2.123
<187>: 2018 Jan 30 15:50:45.245486 EST: %RADIUS-3-RADIUS_ERROR_MESSAGE: Dropping response (packet ID 24) from server 9.0.2.123

AAA configurations:
AP07-PT-93180YC-03# show run aaa

!Command: show running-config aaa
!Time: Wed Jan 31 02:13:21 2018

version 7.0(3)I7(2)
logging level aaa 2
aaa authentication login default group east 
aaa accounting default group east 
aaa authentication login error-enable 


radius-server retransmit 3
radius-server deadtime 15
radius-server host 9.0.2.123 key 7 "XXXXX" auth-port 1645 acct-port 1646 authentication accounting 
aaa group server radius east 
    server 9.0.2.123 
    deadtime 3
    use-vrf management
    source-interface mgmt0

Conditions:
aaa accounting default group east
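
The following is an added example, not part of the Cisco bug record: a small parser that counts the RADIUS failure events shown in the logs above and flags any server that shows the 7.0(3)I7(2) pattern (address lookup failure, ALIVE to DEAD transition, then all servers failed). The function name, the result keys and the "matches_symptom" rule are assumptions made for this example; the sample lines are copied from the description.

```python
import re
from collections import Counter

# A subset of the log lines copied from the bug description above (both releases).
SAMPLE = """\
%RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking up IP address for RADIUS server 9.0.2.123
%RADIUS-5-RADIUS_SERVER_STATUS: RADIUS server 9.0.2.123 with auth-port 1645 and acct-port 1646 status has changed from ALIVE STATE to DEAD STATE. Server was in previous-state for 0 hrs, 3 min, 1 sec, and total dead time of the server is 4 hrs, 51 min, 18 sec
%RADIUS-3-RADIUS_ERROR_MESSAGE: All RADIUS servers failed to respond after retries.
<187>: 2018 Jan 30 15:50:45.239950 EST: %RADIUS-3-RADIUS_ERROR_MESSAGE: Dropping response (packet ID 25) from server 9.0.2.123
""".splitlines()

DUR = r"(\d+) hrs, (\d+) min, (\d+) sec"
STATUS = re.compile(
    r"%RADIUS-5-RADIUS_SERVER_STATUS: RADIUS server (\S+) .*?changed from (\w+) STATE "
    r"to (\w+) STATE\. Server was in previous-state for " + DUR +
    r", and total dead time of the server is " + DUR)
LOOKUP = re.compile(r"Failed looking up IP address for RADIUS server (\S+)")
DROPPED = re.compile(r"Dropping response \(packet ID (\d+)\) from server (\S+)")
ALL_FAILED = "All RADIUS servers failed to respond after retries"

def secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def summarize(lines):
    """Count RADIUS failure events per server and flag the 7.0(3)I7(2) log pattern."""
    out = {"went_dead": Counter(), "lookup_failed": Counter(), "dropped": Counter(),
           "all_failed": 0, "total_dead_secs": {}}
    for line in lines:
        if m := STATUS.search(line):
            server, old, new = m.group(1, 2, 3)
            if (old, new) == ("ALIVE", "DEAD"):
                out["went_dead"][server] += 1
            # Groups 7-9 hold the cumulative dead time reported by the switch.
            out["total_dead_secs"][server] = secs(*m.group(7, 8, 9))
        elif m := LOOKUP.search(line):
            out["lookup_failed"][m.group(1)] += 1
        elif m := DROPPED.search(line):
            out["dropped"][m.group(2)] += 1
        elif ALL_FAILED in line:
            out["all_failed"] += 1
    # Assumed rule: lookup failure + ALIVE->DEAD for a server, and no server left to answer.
    out["matches_symptom"] = sorted(
        s for s in out["went_dead"] if out["lookup_failed"][s] and out["all_failed"])
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines that only report "Dropping response", as in the 7.0(3)I5(1) capture, are counted but do not trigger the flag on their own.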

Related Community Discussions

CSCvh78701 - Sometimes radius server failed
Hi, Someone be this is the bug. Is this present on version 7.0(3)I7(3)? Thanks for your reply.
Latest activity: Jun 15, 2018