RADIUS Authentication Troubleshooting

RADIUS authentication failures are most commonly the result of incorrect configuration. For example, the shared keys or the server and switch port numbers may be inconsistent. Following these troubleshooting steps can help resolve your issue.

Troubleshooting Steps

1. Check whether the RADIUS Config is correct

• Check the RADIUS Server IP address: Check whether the listed IP address of the RADIUS server is correct.
• Verify Shared key: Ensure that your Shared keys are consistent with those configured on the RADIUS server. Any mismatch between Shared keys will cause authentication failure.
• Check Authentication Port: Verify that the authentication port (default: 1812) specified in the switch configuration matches that of the RADIUS server.

2. Verify Server Group

Server Group allows you to select the IP of multiple RADIUS servers. Confirm that the device is using the correct Server IP.

3. Verify Authentication Login Method

On the AAA-Method Config page, verify whether the Pri sequence is set in the Login Method for authentication and the Enable Method.

4. Verify Global Configuration

Verify whether the global configuration is correct. This procedure is for management-type users who log in to the device using a console, telnet, SSH, or HTTP. When RADIUS authentication fails, the management user cannot log in to the device. Check whether the Login Method and Enable Method under the corresponding method match.

5. Gather pertinent information and contact support to solve any remaining problems

• Check whether there is a firewall on the network that blocks traffic destined for the authentication port of the RADIUS server IP address.
• View and collect log files of the RADIUS server to check whether there are records of authentication failures.
• Contact TP-Link Business Technical Support.