03-27-2007 07:35 AM - edited 03-10-2019 03:03 PM
I have the following configuration on a 2950 Catalyst switch
aaa new-model
aaa group server radius radServ
server 10.1.9.100 auth-port 1645 acct-port 1813
server 10.1.8.100 auth-port 1645 acct-port 1813
!
aaa authentication login default group radServ local
!
I unfortunately cannot authenticate via the AAA server. What is possibly the problem.
I can ping from the switch to the AAA server.
03-27-2007 08:21 AM
Hi,
Have you added the following :-
radius-server host 10.1.9.100 key
radius-server host 10.1.8.100 key
Regards,
Vivek
03-27-2007 08:31 AM
Yes I have. I've crossed checked that the keys match, and they do.
03-27-2007 12:05 PM
What protocol are you using for the 2950? i.e. RADIUS (Cisco IOS/PIX 6.0) or TACACS+
What do you see in the failed attempts log on ACS?
Also, have you allowed shell login on the switch for the user whose account you are using for testing?
03-28-2007 02:56 AM
My Switch is running IOS 12.1
I have Radius configured, as I have a Microsoft IAS running Radius Standard.
When I go to the Event Viewer the message I get is "A Radius message was received from an invalid RADIUS client IP Address x.x.x.x"
Source: IAS; Event ID:13
03-28-2007 05:59 AM
You must not have defined the correct ip address for the radius client (the switch) in IAS.
03-28-2007 06:30 AM
I did.
But I'll tell you what fixed my problem...restarting the IAS service on the Microsoft box running the Radius Server.
Successful login was intermittent and slow, but its now stabilised.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: