04-17-2007 02:20 AM - edited 03-10-2019 03:06 PM
Have a couple of switches setup for AAA/Radius (Microsoft IAS running Radius). All authentication fails when I configure it with a radius key (matching on switch and server).
When I remove the key, I still cant authenticate with my domain credentials, and can only authenticate using the local admin password configured on the switch on a few occasions.
To get back into the switch I have to stop the IAS service on the Microsoft Radius server, log into the switch with the local admin password, before restarting the IAS service.
How can I make AAA/Radius work effectively.
04-17-2007 04:59 AM
Mark
There are several things that you might do:
- reconfigure a switch and reconfigure the Radius server for that switch to eliminate the possibility of configuration mismatch. I would be sure to key in clear text keys rather than cut and paste some encrypted value which you assume will be the same on both ends.
- look on the server to see if there are any log entries that indicate that it saw authentication requests and why they failed.
- run debugs on the switches to see what they are reporting.
HTH
Rick
04-17-2007 08:19 AM
I switch wasnt giving a clear reason in the event log apart from saying that there was an authentication failure. After reconfiguring the switches over and still getting failures I stopped the IAS service for about 5 mins, which is a rather long time, but after restarting the IAS service the switches responded, so it was more of a Microsoft IAS end of a problem
04-17-2007 09:51 AM
Mark
That is an interesting resolution to the problem and one that I would probably have been slow to think of. I will file this away for future reference.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide