AAA Authentication Failure

Unanswered Question
Mar 27th, 2007
User Badges:

I have the following configuration on a 2950 Catalyst switch


aaa new-model

aaa group server radius radServ

server 10.1.9.100 auth-port 1645 acct-port 1813

server 10.1.8.100 auth-port 1645 acct-port 1813

!

aaa authentication login default group radServ local

!


I unfortunately cannot authenticate via the AAA server. What is possibly the problem.


I can ping from the switch to the AAA server.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vivek Santuka Tue, 03/27/2007 - 08:21
User Badges:
  • Cisco Employee,

Hi,


Have you added the following :-


radius-server host 10.1.9.100 key

radius-server host 10.1.8.100 key


Regards,

Vivek

marksenteza Tue, 03/27/2007 - 08:31
User Badges:

Yes I have. I've crossed checked that the keys match, and they do.

magurwara Tue, 03/27/2007 - 12:05
User Badges:

What protocol are you using for the 2950? i.e. RADIUS (Cisco IOS/PIX 6.0) or TACACS+


What do you see in the failed attempts log on ACS?


Also, have you allowed shell login on the switch for the user whose account you are using for testing?


marksenteza Wed, 03/28/2007 - 02:56
User Badges:

My Switch is running IOS 12.1


I have Radius configured, as I have a Microsoft IAS running Radius Standard.


When I go to the Event Viewer the message I get is "A Radius message was received from an invalid RADIUS client IP Address x.x.x.x"


Source: IAS; Event ID:13



acomiskey Wed, 03/28/2007 - 05:59
User Badges:
  • Green, 3000 points or more

You must not have defined the correct ip address for the radius client (the switch) in IAS.



marksenteza Wed, 03/28/2007 - 06:30
User Badges:

I did.


But I'll tell you what fixed my problem...restarting the IAS service on the Microsoft box running the Radius Server.


Successful login was intermittent and slow, but its now stabilised.


Actions

This Discussion