ftorid_30909
Feb 15, 2010Nimbostratus
RADIUS and route domain
Hello.
Platform: F5 BIGIP 3600, 10.0
Radius authentication doesn't seem to work if radius server _located in route domain_ (and radius server address with % sign has no effect at all). The ip connectivity is working right (icmp, ip) but radius auth packets are going with such kind errors:
with % sign:
Oct 25 02:34:21 local/f5a err httpd[5247]: pam_radius_auth: Failed looking up IP address for RADIUS server 10.35.2.73%3 (errcode=9)
Oct 25 02:34:21 local/f5a err httpd[5247]: pam_radius_auth: All RADIUS servers failed to respond.
without % sign:
Oct 25 02:38:09 local/f5a err httpd[17866]: pam_radius_auth: RADIUS server 10.35.2.73 failed to respond
Oct 25 02:38:12 local/f5a err httpd[17866]: pam_radius_auth: RADIUS server 10.35.2.73 failed to respond
Oct 25 02:38:15 local/f5a err httpd[17866]: pam_radius_auth: RADIUS server 10.35.2.73 failed to respond
Oct 25 02:38:18 local/f5a err httpd[17866]: pam_radius_auth: RADIUS server 10.35.2.73 failed to respond
Oct 25 02:38:18 local/f5a err httpd[17866]: pam_radius_auth: All RADIUS servers failed to respond.
route-domain 3 {
description VRF3
vlans {
PRIVATE
}
}
self 10.35.2.78%3/24 {
allow-service default
vlan PRIVATE
}
radius system-auth {
servers {
system_auth_name1
}
}
radius-server system_auth_name1 {
secret xxxxxxxxxx
server 10.35.2.73%3
}
RADIUS-SERVER ping 10.35.2.78
PING 10.35.2.78 (10.35.2.78) 56(84) bytes of data.
64 bytes from 10.35.2.78: icmp_seq=1 ttl=255 time=0.000 ms
64 bytes from 10.35.2.78: icmp_seq=2 ttl=255 time=0.000 ms
Is that a bug or a feature?
Thanks