Radius reachability problem on VOSS

Jave
Contributor
Hi everybody,

Trying to set up a management RADIUS connection on a VOSS switch; all works fine, but I'm unable to get correct RADIUS server reachability.
RADIUS authentication on the CLI works well, but no dummy packets are sent to the NAC server (I can't see anything with tcpdump on the server), so when it goes down, new connections lag because the switch still tries to authenticate against the server...
Any idea?

[two screenshots attached; example here with web access]

Rodjeur
1 ACCEPTED SOLUTION

Ludovico_Steven
Extreme Employee

Sorry, I do not recall getting any email alert about this... Giuseppe sent me the link now.
So, the RADIUS reachability feature is only relevant for EAPoL, in particular fail-open and continuity modes. Basically, the EAPoL function needs to know when/if the RADIUS servers change or all fail. Endpoint-tracking also uses RADIUS reachability.

For CLI RADIUS authentication, what's the use? If a RADIUS server is available it will be used; else, if there is no RADIUS response, it will fall back to the local password.

View solution in original post
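The thread turns on what a reachability probe is and how a client decides a server is alive. The following is an added, constructed example (not VOSS code and not the switch's own dummy-packet mechanism) of the standard way a RADIUS client probes a server: a Status-Server request (RFC 5997) carrying a Message-Authenticator, and the verification of the Access-Accept reply's Response Authenticator. The server-side builder is included only so the exchange is visible end to end; the host, port and shared secret in `__main__` are placeholders. Run from a monitoring host, a probe like this gives the server-availability signal the thread says VOSS does not produce for CLI/Web-only servers.

```python
"""RADIUS Status-Server reachability probe (RFC 5997), with the verification
a client must perform on the reply. Constructed example, not VOSS code."""
import hashlib
import hmac
import os
import socket
import struct
from typing import Optional

STATUS_SERVER = 12             # RADIUS code for a Status-Server request
ACCESS_ACCEPT = 2              # expected reply code when probing the auth port
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20                # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def build_status_server(secret: bytes, identifier: int,
                        request_authenticator: Optional[bytes] = None) -> bytes:
    """Build a Status-Server packet. RFC 5997 requires Message-Authenticator,
    which is HMAC-MD5 over the whole packet with the attribute value zeroed."""
    if request_authenticator is None:
        request_authenticator = os.urandom(16)   # fresh random Request Authenticator
    length = HEADER_LEN + 2 + 16                 # header + attribute type/len + 16-byte MAC
    header = struct.pack("!BBH", STATUS_SERVER, identifier, length) + request_authenticator
    attr_prefix = bytes([ATTR_MESSAGE_AUTHENTICATOR, 18])
    mac = hmac.new(secret, header + attr_prefix + bytes(16), hashlib.md5).digest()
    return header + attr_prefix + mac


def build_accept_response(request: bytes, secret: bytes) -> bytes:
    """Model the server side: an attribute-less Access-Accept whose Response
    Authenticator is MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], HEADER_LEN)
    resp_auth = hashlib.md5(head + request[4:20] + secret).digest()
    return head + resp_auth


def verify_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """Accept the reply only if the identifier matches and the Response
    Authenticator checks out under the shared secret; otherwise any stray or
    forged UDP datagram would count as 'server alive'."""
    if len(response) < HEADER_LEN:
        return False
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or identifier != request[1] or code != ACCESS_ACCEPT:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def probe(host: str, port: int, secret: bytes, timeout: float = 2.0) -> bool:
    """Send one Status-Server probe and report whether a valid reply came back."""
    request = build_status_server(secret, os.urandom(1)[0])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return False
    return verify_response(request, data, secret)


if __name__ == "__main__":
    # Placeholder address and secret: substitute your own server's values.
    print("reachable" if probe("192.0.2.10", 1812, b"placeholder-secret") else "unreachable")
```

The timeout in `probe` is the operational knob: a monitoring system can mark a server down after a two-second miss, whereas the thread describes CLI logins waiting out roughly 30 seconds before the switch falls back to the local password.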

7 REPLIES

Miguel-Angel_RO
Valued Contributor II
Rodjeur,

What you get is "EAP RADIUS reachability status = unreachable"
What is the output of the command "show eapol system"?

Mig

VOSS RADIUS reachability only works in conjunction with RADIUS servers created with used-by = EAPoL
So if you only have RADIUS servers for CLI authentication (or Web, SNMP, Endpoint-tracking) then the reachability function won't run.
The intent of RADIUS reachability is to work in conjunction with EAPoL features like Fail-Open.

Thanks for your response, I've finally found my mistake: EAPoL is disabled in my environment. I don't need it at all, especially because I'm testing a Fabric at the edge deployment and NAC is not an option in my production network (too complicated to manage with BYOD and unknown devices), and it's not possible to disable EAPoL on an auto-sense enabled port. So I must disable EAPoL globally, unless there is another way to achieve this.
@Ludovico Stevens, could this design evolve? Without RADIUS reachability for CLI or web connections, in case of server unavailability, timeouts of about 30 sec occur at each connection, which is not optimal...