Symptom
ISR not sending RADIUS traffic for 802.1x on switchports.
AAA test and MAB do work.
The 802.1x session simply shows as stopped, and RADIUS traffic is never sent.
Logged messages:
%DOT1X-5-FAIL: R0/0: smd: Authentication failed for client
%SESSION_MGR-5-FAIL: R0/0: smd: Authorization failed or unapplied for client
Conditions
C1111X-8P
Version 17.2.1r
Version 16.9.4
The following is configured:
key config-key password-encrypt [password]
password encryption aes
A router reload is then performed, which leads to the broken state.
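A triage check for the symptom and conditions above, added here as an example and not part of the original bug note. It takes a device's running-config text and log text and reports whether both fit this signature. The function names, the sample config and the sample log lines are constructed, and it assumes an AES-encrypted shared key is displayed as `key 6 ...` under the `radius server` block.

```python
import re

# Constructed sample inputs (not captured from a real device). Assumption: an
# AES-encrypted shared key appears in the running config as "key 6 <ciphertext>".
SAMPLE_CONFIG = """\
password encryption aes
!
radius server ise
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 6 CONSTRUCTED-TYPE6-PLACEHOLDER
!
"""
# Text after "for client" is constructed; the page shows the messages only up to there.
SAMPLE_LOG = """\
%DOT1X-5-FAIL: R0/0: smd: Authentication failed for client (0000.5e00.5301) on Interface Gi0/1/0
%SESSION_MGR-5-FAIL: R0/0: smd: Authorization failed or unapplied for client (0000.5e00.5301) on Interface Gi0/1/0
"""

DOT1X_FAIL = re.compile(r"%DOT1X-5-FAIL:.*Authentication failed for client")
SESSION_FAIL = re.compile(r"%SESSION_MGR-5-FAIL:.*Authorization failed or unapplied for client")


def type6_radius_servers(config):
    """Return names of 'radius server' blocks that hold a type 6 (AES) key."""
    servers, current = [], None
    for line in config.splitlines():
        header = re.match(r"radius server (\S+)", line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the block
        elif current and re.match(r"\s+key 6 \S+", line):
            servers.append(current)
    return servers


def triage(config, log):
    """Check one device's config and log text against the symptom and conditions."""
    result = {
        "aes_enabled": any(l.strip() == "password encryption aes" for l in config.splitlines()),
        "type6_servers": type6_radius_servers(config),
        "dot1x_fail": bool(DOT1X_FAIL.search(log)),
        "session_fail": bool(SESSION_FAIL.search(log)),
    }
    result["match"] = bool(result["aes_enabled"] and result["type6_servers"]
                           and result["dot1x_fail"] and result["session_fail"])
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_CONFIG, SAMPLE_LOG))
```

A match only means the device is consistent with the listed conditions; the reload and the working AAA test and MAB still have to be confirmed on the device.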
Workaround
Remove password encryption:
no password encryption aes
Remove the shared key for the RADIUS server and re-add it:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#radius server ise
Router(config-radius-server)#no key
Router(config-radius-server)#key [password]
After this, the password can be encrypted again.
Further Problem Description