I can't seem to access our Catalyst 4006 after enabling AAA for Radius. I have set up IAS on our domain controller and set up the Catalyst as a Radius client, as well as configured a remote access policy that points to an AD group to allow switch access. When I try to log in to the Catalyst with my user information in AD, it seems to hang after I type in my password, asks for the password again, then says access denied. This happens both on the console and via a telnet session. I have included my AAA configuration below.
What am I missing?
(Cisco IOS Software, v 12.2(25)EWA14)
radius-server host 10.100.x.x auth-port 1812 acct-port 1813 key xxxxxxxxxx
radius-server source-ports 1645-1646
aaa group server radius Radius-Servers
 server 10.100.x.x auth-port 1812 acct-port 1813
aaa authentication login default group Radius-Servers local line
aaa authentication enable default group Radius-Servers enable
aaa authentication dot1x default group Radius-Servers
aaa authorization exec default group Radius-Servers if-authenticated
aaa authorization network default group Radius-Servers
aaa accounting dot1x default start-stop group Radius-Servers
aaa accounting exec default start-stop group Radius-Servers
line vty 0 4
 login authentication default
I believe that the immediate problem is that the source address used by your switch is not the address that Radius is expecting. The Radius server is at 10.100.182.250 and that is in the subnet of interface vlan 182. So the address of interface vlan 182 will be the source address of the Radius request. One way to fix that is to use the ip radius source-address command and specify the address that you want the switch to use. Of course in the short term it may be easier to change the Radius server to expect 10.100.182.2 as the client address.
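
The source-address mismatch described in the answer above can be checked offline before touching the switch. This is an added example, not part of the original posts: it reads a constructed IOS config, works out which interface address a directly connected RADIUS server will see, and compares it with the client address registered on the server. The Vlan1 address and the function names are assumptions; `ip radius source-interface` is honoured if present.

```python
import ipaddress
import re

# Constructed sample config; the Vlan1 address is an assumption, not from the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.100.1.2 255.255.255.0
interface Vlan182
 ip address 10.100.182.2 255.255.255.0
radius-server host 10.100.182.250 auth-port 1812 acct-port 1813 key xxxxxxxxxx
"""

def parse_interfaces(config):
    """Return {interface name: IPv4Interface} for every addressed interface."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line either opens an interface block or closes one.
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current:
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return interfaces

def radius_source(config):
    """Return (interface, address) the RADIUS server will see as the client."""
    interfaces = parse_interfaces(config)
    pinned = re.search(r"^ip radius source-interface (\S+)", config, re.M)
    if pinned:
        # An explicit source interface overrides the egress interface address.
        name = pinned.group(1)
        return name, interfaces[name].ip
    host = re.search(r"^radius-server host (\S+)", config, re.M).group(1)
    server = ipaddress.ip_address(host)
    for name, iface in interfaces.items():
        if server in iface.network:
            return name, iface.ip
    return None, None  # server not directly connected: depends on routing

def check_client(config, registered_client):
    """Return (matches, interface, source) for the server's registered client IP."""
    name, source = radius_source(config)
    return source == ipaddress.ip_address(registered_client), name, source

if __name__ == "__main__":
    print(check_client(SAMPLE_CONFIG, "10.100.1.2"))
```

A `False` first element means the RADIUS server has a different client address on file than the one the switch sends from.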