AAA Authentication Failure

Unanswered Question
Mar 27th, 2007

I have the following configuration on a 2950 Catalyst switch

aaa new-model

aaa group server radius radServ

server 10.1.9.100 auth-port 1645 acct-port 1813

server 10.1.8.100 auth-port 1645 acct-port 1813

!

aaa authentication login default group radServ local

!

I unfortunately cannot authenticate via the AAA server. What is possibly the problem.

I can ping from the switch to the AAA server.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vivek Santuka Tue, 03/27/2007 - 08:21

Hi,

Have you added the following :-

radius-server host 10.1.9.100 key

radius-server host 10.1.8.100 key

Regards,

Vivek

magurwara Tue, 03/27/2007 - 12:05

What protocol are you using for the 2950? i.e. RADIUS (Cisco IOS/PIX 6.0) or TACACS+

What do you see in the failed attempts log on ACS?

Also, have you allowed shell login on the switch for the user whose account you are using for testing?

marksenteza Wed, 03/28/2007 - 02:56

My Switch is running IOS 12.1

I have Radius configured, as I have a Microsoft IAS running Radius Standard.

When I go to the Event Viewer the message I get is "A Radius message was received from an invalid RADIUS client IP Address x.x.x.x"

Source: IAS; Event ID:13

acomiskey Wed, 03/28/2007 - 05:59

You must not have defined the correct ip address for the radius client (the switch) in IAS.

marksenteza Wed, 03/28/2007 - 06:30

I did.

But I'll tell you what fixed my problem...restarting the IAS service on the Microsoft box running the Radius Server.

Successful login was intermittent and slow, but its now stabilised.

Actions

This Discussion