On 2013-10-11 13:56, Caporossi, Steve G. wrote: > We also have issues with NXOS; in our case using RADIUS. > > It always seems to begin with these syslog messages; > 2013 Oct 10 19:56:14.103 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking > up IP address for RADIUS server <server address> > 2013 Oct 10 19:56:14.105 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking > up IP address for RADIUS server <server address> > 2013 Oct 10 19:56:14.106 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking > up IP address for RADIUS server <server address> > 2013 Oct 10 19:56:14.107 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: All RADIUS > servers failed to respon > d after retries. > > Authentication fails and we to fallback to local authentication to "fix" the > issue by sending test authentication to the RADIUS servers. > > We have the DNS entries configured on the Nexus devices and when this is > happening the device can ping the servers using the hostname. Another strange > thing is it happens primarily in one VDC and much less frequently on the > others using the same OOB management network. What do you mean with 'dns entries configured *on* the Nexus'? Does it happen too if you configure the radius servers ip addresses instead of their dns names?
@Radiator guys: any update from you? > > Steve > > > On Oct 11, 2013, at 4:38 AM, Alexander Hartmaier > <alexander.hartma...@t-systems.at> > wrote: > >> Hi, >> our switching guys reported that their Cisco Nexus switches running NX-OS >> log that their can't reach the tacacs servers. This is what the >> troubleshooting brought up: >> >> 2013 Oct 11 08:47:37.061 sgv20s %TACACS-3-TACACS_ERROR_MESSAGE: All servers >> failed to respond >> >> >> 149) Event:E_MTS_TX, length:60, at 60683 usecs after Fri Oct 11 08:47:37 2013 >> >> [RSP] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287795, Ret:SUCCESS >> >> Src:0x00000501/112, Dst:0x00000501/111, Flags:None >> >> HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:26 >> >> Payload: >> >> 0x0000: 01 03 01 00 3b a2 66 be 00 00 00 00 00 02 00 00 >> >> >> >> 150) Event:E_MTS_RX, length:60, at 46447 usecs after Fri Oct 11 08:47:37 2013 >> >> [REQ] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287778, Ret:SUCCESS >> >> Src:0x00000501/111, Dst:0x00000501/0, Flags:None >> >> HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:371 >> >> Payload: >> >> 0x0000: 01 03 0c 00 00 00 00 00 00 00 00 00 00 00 02 00 >> >> >> According to Cisco the accounting responses from Radiator (version 4.11 with >> patches revision 1.1530) contain errors: >> >> Accounting Statistics >> >> failed transactions: 1865 >> >> successful transactions: 0 >> >> requests sent: 1865 >> >> requests timed out: 4 >> >> responses with no matching requests: 0 >> >> responses not processed: 0 >> >> responses containing errors: 1861 >> >> >> Did someone else notice these problems? Authentication works without any >> problems. >> >> -- >> Best regards, Alexander Hartmaier >> >> T-Systems Austria GesmbH >> TSS Security Services >> Network Security & Monitoring Engineer >> >> phone: +43(0)57057-4320 >> fax: +43(0)57057-954320 >> >> >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien >> Handelsgericht Wien, FN 79340b >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> Notice: This e-mail contains information that is confidential and may be >> privileged. >> If you are not the intended recipient, please notify the sender and then >> delete this e-mail immediately. >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> _______________________________________________ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
