Router Radius Problem

Unanswered Question
Feb 28th, 2008

I am having a problem with setting up a 2600 router to use our radius server. I have a switch working on the same radius server however the router will not work. I am able to login locally, however it doesn't ever authenticate with the radius server. Please let me know how to fix this problem, thank you for your help.

aaa new-model



aaa authentication login admin group radius local

aaa authorization exec both local


aaa session-id common

radius-server host 10.0.x.xx auth-port 1645 acct-port 1646 key *****

line vty 0 4

password 7 *******

login authentication admin

transport input telnet

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Richard Burts Thu, 02/28/2008 - 10:56


There are several ways to approach this problem. I would suggest first checking to see if the server is seeing the authentication request. Can you look in the logs of the server and determine whether the authentication request is received? If it is received is it authenticated successfully or is it denied?

There are several common problems which may produce symptoms similar to what you describe. - there is a possibility that the router is not configured with the correct address for the server.

- there is a possibility that something along the way (and access list or a firewall) is not permitting the packet to get to the server.

- there is a possibility that the server sees the request but that the source ip address of the request is not the source address that the server expects.

- there is a possibility that the server sees the request but that there is a mismatch in the key value which is shared by the server and the router.

so please check on the things that I have asked. If they do not produce the solution we will figure some way to troubleshoot this.



Jagdeep Gambhir Thu, 02/28/2008 - 11:23

Hi Peter,

As suggested by Rick on layer 3 devices you need to define source interface for radius authentication.

On router issue command,

ip radius source-interface fastethernet x/y , where interface would be the one mentioned in radius server.

That should fix it.



Do rate helpful posts


This Discussion