
FlexAuth on ICX7150

alexandr_potkin
New Contributor II

Hello!

We have many ICX7150 switches in our company and are trying to enable FlexAuth.

But we have an issue with this function:

After 1 hour the client cannot authenticate on the RADIUS server. When we enable auth it works fine:

Nov 7 20:14:54:N:MAC Authentication succeeded for [44db.d291.2200 186] on port 1/1/35
Nov 7 20:14:54:N:MACAUTH: Port 1/1/35 Mac 44db.d291.2200 - received AAA-ACCEPT
Nov 7 20:14:54:C:MACAUTH: RADIUS server 10.1.18.100 Accepted for 44db.d291.2200 with (DE:0 )
Nov 7 20:14:54:N:MACAUTH: Port 1/1/35 Mac 44db.d291.2200 Vlan 186 - Periodic reauth is initiated
Nov 7 20:14:48:I:DOT1X: Port 1/1/35 - mac e8cf.8335.cb4f, AuthControlledPortStatus change: authorized
Nov 7 20:14:48:N:DOT1X: Port 1/1/35 Mac e8cf.8335.cb4f - received AAA-ACCEPT
Nov 7 20:14:48:C:DOT1X: RADIUS server 10.1.18.100 Accepted for e8cf.8335.cb4f with (DE:1 )
Nov 7 20:14:48:N:DOT1X: Port 1/1/35 Mac e8cf.8335.cb4f Vlan 186 - Periodic reauth is initiated

TCPdump from radius-server:

20:14:54.792371 IP 10.2.4.207.1058 > radius.radius: RADIUS, Access-Request (1), id: 0x2a length: 145
20:14:54.804458 IP radius.radius > 10.2.4.207.1058: RADIUS, Access-Accept (2), id: 0x2a length: 32

 

After some time the client cannot auth on RADIUS. We see this in logbuf:

Nov 7 20:30:59:N:MAC Authentication succeeded for [44db.d291.2200 186] on port 1/1/35
Nov 7 20:30:59:N:MAC Authentication RADIUS timeout for [44db.d291.2200 186] on port 1/1/35
Nov 7 20:30:59:N:MACAUTH: Port 1/1/35 Mac 44db.d291.2200 - received AAA-TIMEOUT
Nov 7 20:29:59:N:MACAUTH: Port 1/1/35 Mac 44db.d291.2200 Vlan 186 - Periodic reauth is initiated
Nov 7 20:29:53:N:DOT1X: Port 1/1/35 Mac e8cf.8335.cb4f Vlan 186 - Periodic reauth is initiated

TCPdump from RADIUS looks very strange (pay attention to the source port):

20:48:47.037902 IP 10.2.4.207.5 > radius.radius: RADIUS, Access-Request (1), id: 0x5a length: 142
20:48:47.048681 IP radius.radius > 10.2.4.207.5: RADIUS, Access-Challenge (11), id: 0x5a length: 64
20:48:47.049733 IP 10.2.4.207 > radius.: ICMP 10.2.4.207 udp port 5 unreachable, length 36

 

What can we do to fix this issue? We have this problem on SW: Version 08.0.95sT211
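
Added example, not part of the original post: a small Python check that scans tcpdump text output on the RADIUS server for the pattern shown in the failing capture, an Access-Request sent from an unusually low source port and a server reply that the switch then refuses with ICMP port unreachable. The function names and the 1024 threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: the three tcpdump lines from the failing capture in the post.
SAMPLE = """\
20:48:47.037902 IP 10.2.4.207.5 > radius.radius: RADIUS, Access-Request (1), id: 0x5a length: 142
20:48:47.048681 IP radius.radius > 10.2.4.207.5: RADIUS, Access-Challenge (11), id: 0x5a length: 64
20:48:47.049733 IP 10.2.4.207 > radius.: ICMP 10.2.4.207 udp port 5 unreachable, length 36
"""

RADIUS_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): RADIUS, "
    r"(?P<kind>[A-Za-z-]+) \(\d+\), id: (?P<id>0x[0-9a-f]+)")
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > \S+ ICMP (?P<host>\S+) "
    r"udp port (?P<port>\d+) unreachable")

def split_endpoint(endpoint):
    # tcpdump prints "host.port"; the last dot separates the port.
    host, _, port = endpoint.rstrip(":").rpartition(".")
    return host, port

def analyze(capture, low_port=1024):
    """Return findings for low NAS source ports and replies the NAS refused."""
    pending = {}   # (nas_host, nas_port) -> (reply kind, RADIUS id) last sent to it
    findings = []
    for line in capture.splitlines():
        m = RADIUS_RE.match(line)
        if m:
            if m["kind"] == "Access-Request":
                host, port = split_endpoint(m["src"])
                if port.isdigit() and int(port) < low_port:  # threshold is an assumption
                    findings.append(("low-source-port", host, int(port), m["id"]))
            else:
                host, port = split_endpoint(m["dst"])
                pending[(host, port)] = (m["kind"], m["id"])
            continue
        m = ICMP_RE.match(line)
        if m and (m["host"], m["port"]) in pending:
            kind, rid = pending.pop((m["host"], m["port"]))
            findings.append(("reply-refused", m["host"], int(m["port"]), rid, kind))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

Run against a longer capture, the same check shows when the switch's source port first drops out of the normal range and whether every later reply is refused.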

2 REPLIES 2