Router Radius Problem

Unanswered Question
Feb 28th, 2008
User Badges:

I am having a problem with setting up a 2600 router to use our radius server. I have a switch working on the same radius server however the router will not work. I am able to login locally, however it doesn't ever authenticate with the radius server. Please let me know how to fix this problem, thank you for your help.


aaa new-model

!

!

aaa authentication login admin group radius local

aaa authorization exec both local

!

aaa session-id common


radius-server host 10.0.x.xx auth-port 1645 acct-port 1646 key *****


line vty 0 4

password 7 *******

login authentication admin

transport input telnet





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Thu, 02/28/2008 - 10:56
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Peter


There are several ways to approach this problem. I would suggest first checking to see if the server is seeing the authentication request. Can you look in the logs of the server and determine whether the authentication request is received? If it is received is it authenticated successfully or is it denied?


There are several common problems which may produce symptoms similar to what you describe. - there is a possibility that the router is not configured with the correct address for the server.

- there is a possibility that something along the way (and access list or a firewall) is not permitting the packet to get to the server.

- there is a possibility that the server sees the request but that the source ip address of the request is not the source address that the server expects.

- there is a possibility that the server sees the request but that there is a mismatch in the key value which is shared by the server and the router.


so please check on the things that I have asked. If they do not produce the solution we will figure some way to troubleshoot this.


HTH


Rick

Jagdeep Gambhir Thu, 02/28/2008 - 11:23
User Badges:
  • Red, 2250 points or more

Hi Peter,

As suggested by Rick on layer 3 devices you need to define source interface for radius authentication.


On router issue command,

ip radius source-interface fastethernet x/y , where interface would be the one mentioned in radius server.



That should fix it.



Regards,

~JG


Do rate helpful posts

Actions

This Discussion