cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
304
Views
3
Helpful
3
Replies

Trying to authenticate managment users via IAS Radius

Scott Fella
Hall of Fame
Hall of Fame

I'm trying to setup my switches to authenticate users via Microsoft IAS to allow for management. I have followed may links I have found on the web, but I get a failure for some reason.

IAS shows the user has been granted access but the switch shows % Authentication failed.

I have this setup on one of my switches:

aaa new-model

aaa authentication login default group radius local

aaa session-id common

radius-server host 10.52.10.4 auth-port 1812 acct-port 1813

radius-server key test

line vty 0 15

login authentication default

On the IAS remote policy I created, on the Advanced tab, I have tried to set the service-type to login and to Administrative. Also tried to add the cisco-av-pair for shell:priv-lvl=15 and tried using vedor specific, but no go.

I have looked at these links but still no go:

http://www.forum.persianadmins.com/showthread.php?p=3017

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1d598

-Scott
*** Please rate helpful posts ***
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

I would try to run "debug radius" and see if you can get anything from that.

HTH,

John

HTH, John *** Please rate all useful posts ***

I have used this tool extensively - Please download the test tool from this site to test the user http://www.evolynx.com/radius/dl_loadtest.aspx.

Mat

Thanks for the link.... here is the debug from the switch and I will attach the IAS settings as well.

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: