Technical Tip: RADIUS authentication fails with 'Ignoring request' error
Description
This article describes how to resolve issues where RADIUS authentication is failing with error: 'Ignoring request'
Scope
FortiNAC, FortiNAC-F.
Solution
Local RADIUS Server not responding to RADIUS requests.
The following message is printed in the RADIUS Server Log in the Local RADIUS view (version 9.2 and higher) or /var/log/radius/radiusd.log
"Ignoring request to auth address * port 1645 from unknown client <controller IP> port <...> proto udp"
To fix the issue, check the following settings:
- Model Configuration and applicable SSID are set to Local RADIUS mode.
- Secrets must match:
- Model configuration.
- SSID (if secret set at SSID level).
- VDOM owning IP address sending RADIUS request (if FortiGate/FortiAP/FortiSwitch in Link mode).
- Controller/Access point.
- The Radius Access-Request is being sent with the Source IP Address of a Device that is modeled in the FortiNAC network Inventory. Confirm that the Source IP is the same as the IP address defined in the Element tab.
- Check that the Source IP of the Incoming Access-Request is not a Duplicate IP address that may be assigned to an old entry in FortiNAC.
Related documents:
Troubleshooting Tip: Common local RADIUS failures, debug logs, and examples