05-16-2017 02:54 PM
After updating the firmware on a 5100 from v7.0.1a to v7.1.2b, I can no longer authenticate via RADIUS, nor am I able to access the switch using the admin or root accounts.
Doing a tcpdump on the RADIUS server, I can see the switch send an Access-Request packet, followed by the RADIUS server sending an Access-Challenge packet. But then there's no response from the switch and authentication times out.
I pulled the mgmt cable from the switch for an hour and was unable to get the switch to fall back to the switch user database, so now I have a switch that is unprovisionable and inaccessible, but seems to be passing traffic fine.
Is there another way to force authentication to fall back to the switch database, or am I going to have to boot it into single-user mode and wipe the aaa config?
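The stalled exchange described in the post above can be confirmed from a capture by parsing the RADIUS headers and checking whether each Access-Challenge is ever answered. This is an added example, not part of the original thread; the function names and sample packets are constructed, and it assumes the UDP payloads have already been extracted from the capture and that the server's challenge carries a State attribute.

```python
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11  # RFC 2865 packet codes
STATE = 24  # RFC 2865 State attribute type

def parse_radius(payload):
    """Parse one RADIUS UDP payload into (code, identifier, {attr_type: [values]})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field does not match payload")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(a_type, []).append(payload[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def stalled_challenges(payloads):
    """Identifiers of Access-Challenge packets whose State was never echoed
    back in a later Access-Request, i.e. the client went silent."""
    pending = {}  # State value -> identifier of the challenge that issued it
    for payload in payloads:
        code, ident, attrs = parse_radius(payload)
        for state in attrs.get(STATE, []):
            if code == ACCESS_CHALLENGE:
                pending[state] = ident
            elif code == ACCESS_REQUEST:
                pending.pop(state, None)
    return sorted(pending.values())

def build(code, ident, attrs=()):
    """Constructed-sample helper: header + zeroed authenticator + attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed captures (not taken from the thread).
BROKEN = [build(1, 7, [(1, b"admin")]), build(11, 7, [(STATE, b"sess-A")])]
HEALTHY = [build(1, 1, [(1, b"admin")]), build(11, 1, [(STATE, b"sess-B")]),
           build(1, 2, [(1, b"admin"), (STATE, b"sess-B")]), build(2, 2)]

if __name__ == "__main__":
    print("broken :", stalled_challenges(BROKEN))
    print("healthy:", stalled_challenges(HEALTHY))
```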
05-16-2017 11:30 PM
Have you tried pulling the ethernet cable and connecting via serial console to wipe out the aaaconfig? Worked for me in the past.
05-17-2017 10:54 AM
Even after pulling the ethernet cable, the switch was still trying to authenticate via RADIUS and would not fall back to the local switch database. I ended up rebooting into single-user mode and wiping the aaaconfig.
Now I can log in using the switch database, but RADIUS is still failing. I'm not going to worry about fixing the RADIUS config until I get to v7.4.2.