fofanah78
Radius Debug Error
Can anyone of you help me out with this debug message? I don't know if there's an ACL list that's blocking the router to the radius server.
1 16:18:54.872: RADIUS(00000045): Send Access-Request to 172.25.5.224:1645 id 1645/22, len 88
Dec 1 16:18:54.872: RADIUS: authenticator A4 68 78 83 0A E8 7B 84 - F3 5B 0B D0 61 5A 91 18
Dec 1 16:18:54.872: RADIUS: User-Name [1] 14 "yusifu.admin"
Dec 1 16:18:54.872: RADIUS: User-Password [2] 18 *
Dec 1 16:18:54.872: RADIUS: NAS-Port [5] 6 2
Dec 1 16:18:54.872: RADIUS: NAS-Port-Id [87] 6 "tty2"
Dec 1 16:18:54.873: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Dec 1 16:18:54.873: RADIUS: Service-Type [6] 6 Login [1]
Dec 1 16:18:54.873: RADIUS: NAS-IP-Address [4] 6 172.25.1.9
Dec 1 16:18:54.873: RADIUS: Event-Timestamp [55] 6 1480630734
Dec 1 16:18:54.873: RADIUS(00000045): Sending a IPv4 Radius Packet
Dec 1 16:18:54.873: RADIUS(00000045): Started 5 sec timeout
Dec 1 16:18:59.876: RADIUS(00000045): Request timed out!
Dec 1 16:18:59.876: RADIUS: Retransmit to (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:18:59.877: RADIUS(00000045): Started 5 sec timeout
Dec 1 16:19:04.905: RADIUS(00000045): Request timed out!
Dec 1 16:19:04.906: RADIUS: Retransmit to (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:19:04.906: RADIUS(00000045): Started 5 sec timeout
Dec 1 16:19:09.941: RADIUS(00000045): Request timed out!
Dec 1 16:19:09.941: RADIUS: Retransmit to (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:19:09.941: RADIUS(00000045): Started 5 sec timeout
Dec 1 16:19:14.973: RADIUS(00000045): Request timed out!
Dec 1 16:19:14.973: RADIUS: No response from (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:19:14.973: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Dec 1 16:19:14.973: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
Dec 1 16:19:16.974: RADIUS/ENCODE(00000045): ask "Password: "
Dec 1 16:19:16.974: RADIUS/ENCODE(00000045): send packet; GET_PASSWORD
Radius.txt
There's no route to your radius server.
ASKER
How will I set that up on a single server? Thanks for your help.
ASKER
@Craig Beck
Can I ask why do we need IP Route to a server that's local to us? I can ping/trace-route to it just fine.
You have set the source interface for radius to be Gig0. That's in its own VRF with no routing configured so even though you can ping the radius server from Gig0/0/2, radius traffic doesn't use that interface.
If you want radius to use Gig0/0/2 as its source interface do...
ip radius source-interface gi0/0/2
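The retransmit-and-timeout pattern in the question's debug output can be triaged mechanically. This is an added example, not code from the thread or from Cisco: it parses those debug lines and separates "no reply at all" from "the server answered". The `Received from id ... Access-Accept/Reject` reply format and the names `triage` and `hint` are assumptions.

```python
import re

# Patterns for the IOS "debug radius" lines shown in the question.
SEND = re.compile(r"RADIUS\((?P<sess>\w+)\): Send Access-Request to (?P<srv>[\d.]+:\d+) id (?P<id>\d+/\d+)")
NAS_IP = re.compile(r"RADIUS:\s+NAS-IP-Address\s+\[4\]\s+6\s+(?P<ip>[\d.]+)")
TIMEOUT = re.compile(r"RADIUS\((?P<sess>\w+)\): Request timed out!")
RETX = re.compile(r"RADIUS: Retransmit to \(.*?\) for id (?P<id>\d+/\d+)")
NO_RESP = re.compile(r"RADIUS: No response from \(.*?\) for id (?P<id>\d+/\d+)")
# Assumption: the reply line format is not shown in this thread.
REPLY = re.compile(r"RADIUS: Received from id (?P<id>\d+/\d+) .*?(?P<code>Access-(?:Accept|Reject))")

# Constructed sample: an excerpt of the debug output posted in the question.
SAMPLE = """\
Dec 1 16:18:54.872: RADIUS(00000045): Send Access-Request to 172.25.5.224:1645 id 1645/22, len 88
Dec 1 16:18:54.873: RADIUS: NAS-IP-Address [4] 6 172.25.1.9
Dec 1 16:18:59.876: RADIUS(00000045): Request timed out!
Dec 1 16:18:59.876: RADIUS: Retransmit to (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:19:04.905: RADIUS(00000045): Request timed out!
Dec 1 16:19:04.906: RADIUS: Retransmit to (172.25.5.224:1645,1646) for id 1645/22
Dec 1 16:19:14.973: RADIUS(00000045): Request timed out!
Dec 1 16:19:14.973: RADIUS: No response from (172.25.5.224:1645,1646) for id 1645/22
"""

def triage(log):
    """Summarise each Access-Request: server, NAS-IP-Address, retries, outcome."""
    reqs, by_sess, last = {}, {}, None
    for line in log.splitlines():
        if m := SEND.search(line):
            last = reqs[m["id"]] = {"server": m["srv"], "nas_ip": None,
                                    "timeouts": 0, "retransmits": 0, "result": "pending"}
            by_sess[m["sess"]] = last  # timeout lines carry the session, not the id
        elif (m := NAS_IP.search(line)) and last:
            last["nas_ip"] = m["ip"]
        elif (m := TIMEOUT.search(line)) and m["sess"] in by_sess:
            by_sess[m["sess"]]["timeouts"] += 1
        elif (m := RETX.search(line)) and m["id"] in reqs:
            reqs[m["id"]]["retransmits"] += 1
        elif (m := NO_RESP.search(line)) and m["id"] in reqs:
            reqs[m["id"]]["result"] = "no-response"
        elif (m := REPLY.search(line)) and m["id"] in reqs:
            reqs[m["id"]]["result"] = m["code"]
    return reqs

def hint(req):
    if req["result"] in ("Access-Accept", "Access-Reject"):
        return f'{req["server"]} answered with {req["result"]}: the network path is fine'
    return (f'no reply seen from {req["server"]}: check the source interface/VRF '
            f'(NAS-IP-Address sent: {req["nas_ip"]}), ACLs and the server firewall')
```

Calling `hint(triage(SAMPLE)["1645/22"])` on the excerpt reports the no-reply case, which points at the path between router and server rather than at credentials.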
ASKER
I added the ip radius source-interface gi0/0/2 and am getting the same error. Why is the router not able to contact the NPS? I'm not getting any logs on the server for a bad password or some type of an error.
If you look in the NPS log file (the text file not the Event Viewer log), do you see anything?
ASKER
Found these logs on the server.
RadiusRouterLogs.txt
Ok thanks.
Can you do the following debugs at your router...
debug aaa authentication
debug radius authentication
...and post here while trying to login?
ASKER
I followed the below link to set up the router:
https://www.youtube.com/watch?v=BSPYk9o7mWE
Do I have to do anything on the VTY lines:
line con 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0
 no activation-character
 length 0
 transport preferred none
 transport input ssh
 transport output none
line vty 1 4
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 transport preferred none
 transport output none
RadiusRouterLogs1.txt
Is the firewall running on the NPS? If so, turn it off and try again.
ASKER
Yes. Do you want me to disable the client on the NPS?
ASKER CERTIFIED SOLUTION
ASKER
That fixed the issue. But when I log in with Radius I'm not getting the enable prompt. The router is set up with an enable password.
Can you share the router config?