AAA Authentication Failure

Unanswered Question
Mar 27th, 2007

I have the following configuration on a 2950 Catalyst switch

aaa new-model

aaa group server radius radServ

server auth-port 1645 acct-port 1813

server auth-port 1645 acct-port 1813


aaa authentication login default group radServ local


I unfortunately cannot authenticate via the AAA server. What is possibly the problem.

I can ping from the switch to the AAA server.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vivek Santuka Tue, 03/27/2007 - 08:21


Have you added the following :-

radius-server host key

radius-server host key



magurwara Tue, 03/27/2007 - 12:05

What protocol are you using for the 2950? i.e. RADIUS (Cisco IOS/PIX 6.0) or TACACS+

What do you see in the failed attempts log on ACS?

Also, have you allowed shell login on the switch for the user whose account you are using for testing?

marksenteza Wed, 03/28/2007 - 02:56

My Switch is running IOS 12.1

I have Radius configured, as I have a Microsoft IAS running Radius Standard.

When I go to the Event Viewer the message I get is "A Radius message was received from an invalid RADIUS client IP Address x.x.x.x"

Source: IAS; Event ID:13

acomiskey Wed, 03/28/2007 - 05:59

You must not have defined the correct ip address for the radius client (the switch) in IAS.

marksenteza Wed, 03/28/2007 - 06:30

I did.

But I'll tell you what fixed my problem...restarting the IAS service on the Microsoft box running the Radius Server.

Successful login was intermittent and slow, but its now stabilised.


This Discussion