SPS224G4 trouble with Radius

Hello,

Trying to log in to our SPS224G4 using RADIUS authentication and still unsuccessful.

Maybe this is a bug, maybe my misconfiguration.

STEP 1.

===================================================

Radius-server

radius-server host 10.1.0.54 key kf2f2ff2DADsaahhsnnkA source source 10.0.34.249 usage login
radius-server deadtime 1

This is my radius-server configuration:

Linksys_t# sh radius-servers
start

  IP address    Port  port  Time-   Ret-  Dead-     source IP    Prio. Usage
                Auth  Acct  Out     rans  Time
--------------- ----- ----- ------ ------ ------ --------------- ----- -----
   10.1.0.54    1812  1813  Global Global Global   10.0.34.249     0   login


Global values
--------------

TimeOut : 3
Retransmit : 3
Deadtime : 1
Source IP : 0.0.0.0
Source IPv6 : ::

========================================================

aaa authentication

aaa authentication enable perRadius none
aaa authentication login perRadius radius none
line telnet
login authentication perRadius
enable authentication perRadius

Linksys_t# sh authentication  me

Login Authentication Method Lists
----------------------------------
Default             : Local
perRadius           : Radius   None

Enable  Authentication Method Lists
----------------------------------
Default             : Enable   None
perRadius           : None

Line           Login Method List         Enable Method List
-------        -----------------         -------------------
Console        Default                   Default
Telnet         perRadius                 perRadius
SSH            Default                   Default

http                : Local
https               : Local
dot1x
               :
=====================================================

So if you look at my config, when I telnet to the Linksys SPS224 I should log in using RADIUS. But it always returns: "authentication failed"

STEP 2.

I dug deeper with the Wireshark tool; you can see the results in the radius_linksys_accept.pcap file.

My RADIUS says "access-accepted", yet the Linksys still says "authentication failed".

So what is the problem? Have I misconfigured something?

This RADIUS works fine with Cisco and D-Link switches.

running-config also attached (linksys.conf)

chrcoope
Level 1

Hello,

I wanted to let you know that I will be testing this in my lab when time permits. I have an SPS224G4 though, is that an exact match for your equipment? I do not seem to have any SPS224s.

Regards,

Christopher

Please take a look at "Event Viewer" on your RADIUS server and post the error log for the source IAS.

Also inside the IAS snap in > RRAS policy > your policy > Right Click > Edit Profile; then "Advanced" what are the attributes listed? Looking for Name and Value. Please post what you have.

I was able to confirm that RADIUS is working as expected, so we should be able to correct your configuration.

Not sure if this is related, however I would suggest to also ensure that the Radius server is configured with a priv level 15 username.

If you are trying to pass additional attributes such as privilege levels or command sets to the switch, the switch might not understand these and respond with an authentication failed.

HTH,

Andrew Lee Lissitz

Actually, at this moment our distributor has asked us to give this switch back, so I'm not able to test it anymore. :(

Also, I can't check the RADIUS configuration now either, but the Cisco ME2400 works with it perfectly.

If you look at my attached capture file, you can see that RADIUS says "Connection-accept" with the parameter you listed:

Cisco-AVPair: priv-lvl=15

But the Linksys still doesn't accept this connection.

As soon as it is possible to get this switch for testing, I'll try one more time.

Thanks for your answers.
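
Added example, not part of the original thread: a small Python parser that lists the attributes carried in a RADIUS reply, including Vendor-Specific ones such as the Cisco-AVPair mentioned above, so the contents of an Access-Accept can be checked against what the switch is expected to understand. The sample packet, its identifier and its attribute values are constructed for illustration and are not taken from the poster's capture.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
STANDARD = {1: "User-Name", 6: "Service-Type", 18: "Reply-Message", 25: "Class"}
CISCO = 9  # IANA enterprise number; Cisco vendor type 1 is Cisco-AVPair

def parse_radius(pkt):
    """Return (code_name, identifier, [(name, value, is_vendor_specific), ...])."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20  # bytes 4..19 hold the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length runs past the packet")
        value = pkt[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific: vendor id + sub-TLV
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("malformed vendor sub-attribute")
            name = "Cisco-AVPair" if (vendor, vtype) == (CISCO, 1) else f"Vendor-{vendor}-Type-{vtype}"
            attrs.append((name, value[6:4 + vlen].decode("latin-1"), True))
        elif atype == 6 and len(value) == 4:
            attrs.append(("Service-Type", struct.unpack("!I", value)[0], False))
        else:
            attrs.append((STANDARD.get(atype, f"Attr-{atype}"), value.hex(), False))
        pos += alen
    return CODES.get(code, f"Code-{code}"), ident, attrs

def vendor_specific(attrs):
    """Vendor-Specific attributes, the kind the reply above suggests the switch might not understand."""
    return [(name, value) for name, value, is_vsa in attrs if is_vsa]

def _attr(t, v):
    return bytes([t, len(v) + 2]) + v

def sample_accept():
    """Constructed Access-Accept with a zeroed authenticator (illustration only)."""
    vsa = struct.pack("!I", CISCO) + _attr(1, b"shell:priv-lvl=15")
    body = _attr(6, struct.pack("!I", 6)) + _attr(26, vsa)
    return struct.pack("!BBH", 2, 42, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    code, ident, attrs = parse_radius(sample_accept())
    print(code, ident, attrs, vendor_specific(attrs))
```
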

I am sorry that we did not get this working before you had to give the switch back. If you get another opp to test this, do please try back within this community.

Kindest regards and have a great week,

Andrew
