Changed IP address RADIUS client, cannot connect through PuTTY

  • Question

  • Hello,

    I have 2 RADIUS servers (NPS 2008 R2). My Cisco devices have these two servers configured as primary and secondary RADIUS server. Each RADIUS client is configured by DNS, not IP. These DNS records are static. Because of a change I changed the IP address of the DNS record. After that I couldn't connect to the Cisco device. I ran a ping to the DNS address on the client where I use PuTTY. I received the new IP address. I also ran the ping command on both NPS servers and received the new IP address. Still I couldn't connect to the device and received an Access Denied message.

    So I opened Properties of the RADIUS client concerned and unchecked the setting 'Enable this RADIUS client'. Hit Apply, checked the setting and hit Apply again. Now I can successfully log in to the Cisco device through RADIUS.

    I need to know how this mechanism works. We will change many more addresses in the near future. And do I have to disable and enable the client on BOTH servers? Or is there some polling/caching mechanism and I must be more patient?

    Regards,

    Bastiaan

    Tuesday, January 24, 2012 9:52 AM

Answers

  • Hi Bastiaan,

    Thanks for posting here.

    I can't find a document that explains the mechanism; however, I would suggest restarting the NPS service after the modification, which will allow NPS to reload the updated address information from DNS for name resolution:

    How Network Policy Server Works

    http://technet.microsoft.com/en-us/library/dd197603(WS.10).aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Wednesday, January 25, 2012 8:55 AM
  • Thanks again Tiger Li for the link.

    I could not find what I am looking for but I know I have to re-enable the client or restart the NPS service :-D.

    This thread can be closed.

    • Marked as answer by John Doe313 Wednesday, January 25, 2012 11:05 AM
    Wednesday, January 25, 2012 11:04 AM
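
The fix the thread settles on (restart the NPS service after the DNS record changes) can be scripted across both servers. This is an added example, not part of the original thread; the server names, client name and address are hypothetical placeholders, and it assumes PowerShell remoting is enabled on the NPS servers.

```powershell
# Hypothetical values: replace with your own NPS servers and RADIUS client record.
$NpsServers = @('nps01.example.local', 'nps02.example.local')
$ClientName = 'switch01.example.local'   # DNS name configured for the RADIUS client
$ExpectedIp = '192.0.2.10'               # new address of the record (constructed)

# Servers are handled one at a time, so the other one keeps answering requests.
foreach ($server in $NpsServers) {
    # Resolve the client name from the NPS server itself, not from the admin workstation.
    $resolved = Invoke-Command -ComputerName $server -ArgumentList $ClientName -ScriptBlock {
        param($name)
        [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
    }

    # Restarting before the server sees the new record would only reload the old address.
    if ($resolved -notcontains $ExpectedIp) {
        Write-Warning "$server resolves $ClientName to '$($resolved -join ', ')', not $ExpectedIp. Skipping restart."
        continue
    }

    # IAS is the Windows service name of Network Policy Server.
    $status = Invoke-Command -ComputerName $server -ScriptBlock {
        Restart-Service -Name IAS
        (Get-Service -Name IAS).Status.ToString()
    }
    Write-Output "$server : IAS service is $status after restart"
}
```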

All replies

  • Hi Bastiaan,

    Thanks for posting here.

    Could you try to clear the DNS cache on both the RADIUS server and client side if we changed the IP address for these records on the DNS server? Maybe a restart.

    I suspect they were still using the old address to connect because the DNS record had not expired, which makes us consider decreasing the TTL value for these records on DNS.

    I read somewhere that it is suggested to use an IP address rather than a host or DNS name to connect, in case of a name resolution issue or DNS server fault; perhaps we may reconsider our current settings.

    Thanks.

    Tiger Li

    TechNet Community Support

    Wednesday, January 25, 2012 5:43 AM
  • Thanks for your answer Tiger Li.

    The problem is already solved as you can read. I did not clean the DNS cache on both RADIUS server and client side because when I ran a ping command I received the newest IP address. This means DNS is OK. I solved it by disabling and enabling the client inside RADIUS. So I hope someone can tell me more about how this mechanism in RADIUS works when changing IP/DNS of the client.

    Bastiaan

    Wednesday, January 25, 2012 7:21 AM