I have the host entries defined on the Nexus gear. ip host radserver1.musc.edu <server address> ip host radserver2.musc.edu <server address> ip host radserver3.musc.edu <server address>
RADIUS servers *are* defined by IP address however the Nexus gears tries to resolve the hostname(s) Steve (843) 876-5083 On Oct 18, 2013, at 4:23 AM, Alexander Hartmaier <alexander.hartma...@t-systems.at> wrote: > On 2013-10-11 13:56, Caporossi, Steve G. wrote: >> We also have issues with NXOS; in our case using RADIUS. >> >> It always seems to begin with these syslog messages; >> 2013 Oct 10 19:56:14.103 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking >> up IP address for RADIUS server <server address> >> 2013 Oct 10 19:56:14.105 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking >> up IP address for RADIUS server <server address> >> 2013 Oct 10 19:56:14.106 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: Failed looking >> up IP address for RADIUS server <server address> >> 2013 Oct 10 19:56:14.107 mdf1 %RADIUS-3-RADIUS_ERROR_MESSAGE: All RADIUS >> servers failed to respon >> d after retries. >> >> Authentication fails and we to fallback to local authentication to "fix" the >> issue by sending test authentication to the RADIUS servers. >> >> We have the DNS entries configured on the Nexus devices and when this is >> happening the device can ping the servers using the hostname. Another >> strange thing is it happens primarily in one VDC and much less frequently on >> the others using the same OOB management network. > What do you mean with 'dns entries configured *on* the Nexus'? Does it > happen too if you configure the radius servers ip addresses instead of > their dns names? > > @Radiator guys: any update from you? > >> >> Steve >> >> >> On Oct 11, 2013, at 4:38 AM, Alexander Hartmaier >> <alexander.hartma...@t-systems.at> >> wrote: >> >>> Hi, >>> our switching guys reported that their Cisco Nexus switches running NX-OS >>> log that their can't reach the tacacs servers. This is what the >>> troubleshooting brought up: >>> >>> 2013 Oct 11 08:47:37.061 sgv20s %TACACS-3-TACACS_ERROR_MESSAGE: All servers >>> failed to respond >>> >>> >>> 149) Event:E_MTS_TX, length:60, at 60683 usecs after Fri Oct 11 08:47:37 >>> 2013 >>> >>> [RSP] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287795, Ret:SUCCESS >>> >>> Src:0x00000501/112, Dst:0x00000501/111, Flags:None >>> >>> HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:26 >>> >>> Payload: >>> >>> 0x0000: 01 03 01 00 3b a2 66 be 00 00 00 00 00 02 00 00 >>> >>> >>> >>> 150) Event:E_MTS_RX, length:60, at 46447 usecs after Fri Oct 11 08:47:37 >>> 2013 >>> >>> [REQ] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287778, Ret:SUCCESS >>> >>> Src:0x00000501/111, Dst:0x00000501/0, Flags:None >>> >>> HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:371 >>> >>> Payload: >>> >>> 0x0000: 01 03 0c 00 00 00 00 00 00 00 00 00 00 00 02 00 >>> >>> >>> According to Cisco the accounting responses from Radiator (version 4.11 >>> with patches revision 1.1530) contain errors: >>> >>> Accounting Statistics >>> >>> failed transactions: 1865 >>> >>> successful transactions: 0 >>> >>> requests sent: 1865 >>> >>> requests timed out: 4 >>> >>> responses with no matching requests: 0 >>> >>> responses not processed: 0 >>> >>> responses containing errors: 1861 >>> >>> >>> Did someone else notice these problems? Authentication works without any >>> problems. >>> >>> -- >>> Best regards, Alexander Hartmaier >>> >>> T-Systems Austria GesmbH >>> TSS Security Services >>> Network Security & Monitoring Engineer >>> >>> phone: +43(0)57057-4320 >>> fax: +43(0)57057-954320 >>> >>> >>> >>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >>> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien >>> Handelsgericht Wien, FN 79340b >>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >>> Notice: This e-mail contains information that is confidential and may be >>> privileged. >>> If you are not the intended recipient, please notify the sender and then >>> delete this e-mail immediately. >>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >>> _______________________________________________ >>> radiator mailing list >>> radiator@open.com.au >>> http://www.open.com.au/mailman/listinfo/radiator >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator