RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch
Use show radius
to verify
that the encryption key (RADIUS secret key) the switch is using is
correct for the server being contacted. If the switch has only a global
key configured, it either must match the server key or you must configure
a server-specific key. If the switch already has a server-specific
key assigned to the server's IP address, it overrides the global
key and must match the server key.
Displaying encryption keys
switch(config)# show radius Status and Counters - General RADIUS Information Deadtime(min) : 0 Timeout(secs) : 5 Retransmit Attempts : 3 Global Encryption Key : My-Global-Key Dynamic Authorization UDP Port : 3799 Auth Acct DM/ Time Server IP Addr Port Port CoA Window Encryption Key --------------- ---- ---- --- ------ --------------- 10.33.18.119 1812 1813 119-only-key
Also, ensure that the switch port used to access
the RADIUS server is not blocked by an 802.1X configuration on that
port. For example, show port-access authenticator <port-list>
gives you the status for the specified
ports. Also, ensure that other factors, such as port security or any
802.1X configuration on the RADIUS server are not blocking the link.