timeout means the server did not respond, e.g.
(7008-core) [mynode] (config) #aaa authentication-server radius does_not_exist
(7008-core) ^[mynode] (RADIUS Server "does_not_exist") #host 10.1.1.1
(7008-core) ^[mynode] (RADIUS Server "does_not_exist") #key blah
(7008-core) ^[mynode] (RADIUS Server "does_not_exist") #!
(7008-core) ^[mynode] (config) #write mem
now test it
(7008-core) [mynode] #aaa test-server pap does_not_exist no_such_user aaaaaaa
AAA server timeout
(7008-core) [mynode] #
resulting log
(7008-core) [mynode] #show log errorlog 20
May 18 17:54:50 <authmgr 520002> <3806> <ERRS> |authmgr| Authentication server request Timeout, username=no_such_user userip=0.0.0.0 usermac=00:00:00:00:00:00 servername= does_not_exist server-group= serverip= 10.1.1.1 bssid=00:00:00:00:00:00 apname=
May 18 17:54:55 <authmgr 520002> <3806> <ERRS> |authmgr| Authentication server request Timeout, username=no_such_user userip=0.0.0.0 usermac=00:00:00:00:00:00 servername= does_not_exist server-group= serverip= 10.1.1.1 bssid=00:00:00:00:00:00 apname=
May 18 17:55:00 <authmgr 520002> <3806> <ERRS> |authmgr| Authentication server request Timeout, username=no_such_user userip=0.0.0.0 usermac=00:00:00:00:00:00 servername= does_not_exist server-group= serverip= 10.1.1.1 bssid=00:00:00:00:00:00 apname=
May 18 17:55:05 <authmgr 520002> <3806> <ERRS> |authmgr| Authentication server request Timeout, username=no_such_user userip=0.0.0.0 usermac=00:00:00:00:00:00 servername= does_not_exist server-group= serverip= 10.1.1.1 bssid=00:00:00:00:00:00 apname=
You can see 4 messages 5 seconds apart, corresponds to 3 rexmt at 5 seconds (default of a new radius server)
show aaa authentication-server radius does_not_exist
RADIUS Server "does_not_exist"
------------------------------
Parameter Value
--------- -----
Enable IPv6 Disabled
Host 10.1.1.1
Key ********
<snip>
Retransmits 3
Timeout 5 sec
NAS ID N/A
check stats
(7008-core) [mynode] #show aaa authentication-server radius statistics
RADIUS Server Statistics
------------------------
Server Acct Rq Raw Rq PAP Rq CHAP Rq MSCHAP Rq MSCHAPv2 Rq Mismatch Rsp Bad Auth Acc Rej Acct Rsp Chal Ukn Rsp Tmout AvgRspTm Tot Rq Tot Rsp Rd Err Outstanding Auths Outstanding Requests Acc-RTTS Rq Acc-RTTS Rsp ExpAuthTm Uptime SEQ
------ ------- ------ ------ ------- --------- ----------- ------------ -------- --- --- -------- ---- ------- ----- -------- ------ ------- ------ ----------------- -------------------- ----------- ------------ --------- ------ ---
does_not_exist 0 0 1 0 0 0 0 0 0 0 0 0 0 4 0 1 0 0 0 0 0 0 5022 0:0:1 255/254
items of note in the above
PAP Rq = 1
Tmout = 4
Tot Rq = 1
as to why your server is timing out - that could be any number of things.
I presume that your CPPM is in a healthy state and not under and duress (what does the CPPM monitoring say?). When there is a timeout what does the access tracker say, is it rejecting/ignoring an auth attempt.
As you note it's happening all of the time, perhaps you can setup a packet capture for udp 1812/1813 and let it run for a while until you know there is at least one timeout according to the controller CLI. Now, go through the capture and try to ascertain what device may be at fault, this will also tell you the mac/user involved and you can go check in access tracker what happened at the CPPM side.
hth.
-jeff