AAA/Radius failures

Unanswered Question
Apr 17th, 2007

Have a couple of switches setup for AAA/Radius (Microsoft IAS running Radius). All authentication fails when I configure it with a radius key (matching on switch and server).

When I remove the key, I still cant authenticate with my domain credentials, and can only authenticate using the local admin password configured on the switch on a few occasions.

To get back into the switch I have to stop the IAS service on the Microsoft Radius server, log into the switch with the local admin password, before restarting the IAS service.

How can I make AAA/Radius work effectively.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Tue, 04/17/2007 - 04:59


There are several things that you might do:

- reconfigure a switch and reconfigure the Radius server for that switch to eliminate the possibility of configuration mismatch. I would be sure to key in clear text keys rather than cut and paste some encrypted value which you assume will be the same on both ends.

- look on the server to see if there are any log entries that indicate that it saw authentication requests and why they failed.

- run debugs on the switches to see what they are reporting.



marksenteza Tue, 04/17/2007 - 08:19

I switch wasnt giving a clear reason in the event log apart from saying that there was an authentication failure. After reconfiguring the switches over and still getting failures I stopped the IAS service for about 5 mins, which is a rather long time, but after restarting the IAS service the switches responded, so it was more of a Microsoft IAS end of a problem

Richard Burts Tue, 04/17/2007 - 09:51


That is an interesting resolution to the problem and one that I would probably have been slow to think of. I will file this away for future reference.




This Discussion