Cisco ASA - Radius


Gerrit Jan Hoogeland

Oct 21, 2016, 6:07:59 AM
to RCDevs Security Solutions - Technical
Hi,

For some reason my ASA constantly marks the RADIUS server of my OTP server as Active and Failed:

---

Oct 21 11:54:41 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED

Oct 21 11:54:41 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE

Oct 21 11:55:20 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED

Oct 21 11:55:20 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE

Oct 21 11:56:14 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED

Oct 21 11:56:14 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE

Oct 21 11:57:16 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED

Oct 21 11:57:16 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE


---

But all seems to work correctly. Is this a cosmetic failure? Does it have to do with RADIUS authorization instead of authentication (we use both)?

Has anybody got a clue?

Kind regards,

Gerrit Jan Hoogeland
Accent Automatisering

Spyridon Gouliarmis (RCDevs)

Oct 21, 2016, 6:11:08 AM
to RCDevs Security Solutions - Technical
We do not implement RADIUS authorisation, so you can tell your ASA to not expect it.

For the rest, we need a .pcap file of what went between the two peers.

Gerrit Jan Hoogeland

Oct 21, 2016, 6:15:11 AM
to RCDevs Security Solutions - Technical
Hi, is accounting also not implemented?

I will create the pcap file. Where can I post it?

On Friday, 21 October 2016 12:11:08 UTC+2, Spyridon Gouliarmis (RCDevs) wrote:

Spyridon Gouliarmis (RCDevs)

Oct 21, 2016, 6:44:06 AM
to RCDevs Security Solutions - Technical
Indeed, neither is accounting.

Check your emails for a link to our owncloud instance.

Gerrit Jan Hoogeland

Oct 24, 2016, 5:54:06 AM
to RCDevs Security Solutions - Technical
The error disappears after I turn off accounting and authorisation to the OTP server. Problem solved.

Thanx


On Friday, 21 October 2016 12:44:06 UTC+2, Spyridon Gouliarmis (RCDevs) wrote:
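As an added detection example (not from the thread, RCDevs or Cisco), the Python below parses the %ASA-2-113022/113023 lines from the opening post and flags a RADIUS server that is marked FAILED and then ACTIVE again several times within a short window, the flapping pattern this thread traced to authorization and accounting requests the OTP server does not answer. The 192.0.2.10/LDAPAuth line is constructed to show a server that fails once without flapping; the other lines are the ones posted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the 113022/113023 lines from the opening post, plus one constructed line.
SAMPLE_LOG = """\
Oct 21 11:54:41 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED
Oct 21 11:54:41 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE
Oct 21 11:55:20 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED
Oct 21 11:55:20 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE
Oct 21 11:56:14 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED
Oct 21 11:56:14 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE
Oct 21 11:57:16 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as FAILED
Oct 21 11:57:16 10.0.199.1 %ASA-2-113023: AAA Marking RADIUS server 10.151.0.49 in aaa-server group CIZToken as ACTIVE
Oct 21 12:30:00 10.0.199.1 %ASA-2-113022: AAA Marking RADIUS server 192.0.2.10 in aaa-server group LDAPAuth as FAILED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ %ASA-2-11302[23]: AAA Marking "
    r"RADIUS server (?P<server>\S+) in aaa-server group (?P<group>\S+) as (?P<state>FAILED|ACTIVE)$"
)

def parse_aaa_events(log_text):
    """Return [(timestamp, server, group, state)] for 113022/113023 lines, in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other message IDs are ignored
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog carries no year
            events.append((ts, m["server"], m["group"], m["state"]))
    return events

def find_flapping_servers(log_text, window_seconds=600, min_flaps=3):
    """Return {(server, group): flap_count} for servers marked FAILED and then
    ACTIVE again at least min_flaps times within any window_seconds span."""
    by_key = defaultdict(list)
    for ts, server, group, state in parse_aaa_events(log_text):
        by_key[(server, group)].append((ts, state))
    flapping = {}
    for key, seq in by_key.items():
        # one flap = a FAILED immediately followed by an ACTIVE for the same server
        recoveries = [seq[i + 1][0] for i in range(len(seq) - 1)
                      if seq[i][1] == "FAILED" and seq[i + 1][1] == "ACTIVE"]
        for i in range(len(recoveries) - min_flaps + 1):
            span = (recoveries[i + min_flaps - 1] - recoveries[i]).total_seconds()
            if span <= window_seconds:
                flapping[key] = len(recoveries)
                break
    return flapping
```

A server that simply fails and stays down never produces the FAILED/ACTIVE pairs and is not reported, so this check separates the request-type mismatch seen here from a genuine outage.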