Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
5
Helpful
3
Replies

Router Radius Problem

peter.williams
Level 1
Level 1

‎02-28-2008 04:20 AM - edited ‎03-10-2019 03:41 PM

I am having a problem with setting up a 2600 router to use our radius server. I have a switch working on the same radius server however the router will not work. I am able to login locally, however it doesn't ever authenticate with the radius server. Please let me know how to fix this problem, thank you for your help.

aaa new-model

!

!

aaa authentication login admin group radius local

aaa authorization exec both local

!

aaa session-id common

radius-server host 10.0.x.xx auth-port 1645 acct-port 1646 key *****

line vty 0 4

password 7 *******

login authentication admin

transport input telnet

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎02-28-2008 10:56 AM

Peter

There are several ways to approach this problem. I would suggest first checking to see if the server is seeing the authentication request. Can you look in the logs of the server and determine whether the authentication request is received? If it is received is it authenticated successfully or is it denied?

There are several common problems which may produce symptoms similar to what you describe. - there is a possibility that the router is not configured with the correct address for the server.

- there is a possibility that something along the way (and access list or a firewall) is not permitting the packet to get to the server.

- there is a possibility that the server sees the request but that the source ip address of the request is not the source address that the server expects.

- there is a possibility that the server sees the request but that there is a mismatch in the key value which is shared by the server and the router.

so please check on the things that I have asked. If they do not produce the solution we will figure some way to troubleshoot this.

HTH

Rick

HTH

Rick
0 Helpful

Jagdeep Gambhir
Level 10
Level 10

‎02-28-2008 11:23 AM

Hi Peter,

As suggested by Rick on layer 3 devices you need to define source interface for radius authentication.

On router issue command,

ip radius source-interface fastethernet x/y , where interface would be the one mentioned in radius server.

That should fix it.

Regards,

~JG

Do rate helpful posts

peter.williams
Level 1
Level 1
In response to Jagdeep Gambhir

‎02-28-2008 12:09 PM

Thank you, this resolved my issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents