Authentication Interface in AAA Radius Configuration

Unanswered Question
May 12th, 2010
User Badges:

Hello,


we are trying to authenticate against an Radius Server.


can you tell me witch interface will be used for the authentication Process?


With best regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Wed, 05/12/2010 - 05:57
User Badges:
  • Cisco Employee,

By default it will be the router interface where the radius server is connected to. Or alternatively if you would like to use any specific interface, you can configure the following command:

ip radius source-interface


Hope it helps.

FHGE-Renneberg Wed, 05/12/2010 - 06:07
User Badges:

Oh


I forget to say that we are trying to authenticate our WLAN Clients against an Radius Server. The Serverentries are made in the Configuration Chapter for Radius.


The Most Recent traps tell:


RADIUS Server x.x.x.x failed to respond to request (ID 2) for client .......



Is it possible that the Authentication Method uses the Management or Service Interface to contact the RADIUS Server?


We would prefer that it contact the server via the guest interface



Any Ideas?

Jennifer Halim Wed, 05/12/2010 - 06:11
User Badges:
  • Cisco Employee,

Yes, you should be able to configure the source interface for the radius packet using the command provided earlier

:

ip radius source-interface

FHGE-Renneberg Wed, 05/12/2010 - 06:31
User Badges:

Even in Firmware Version 4.2


Can you please tell me where I have to enter it.


ON CLI in Config Mode it isnt possible.

Jennifer Halim Wed, 05/12/2010 - 06:36
User Badges:
  • Cisco Employee,

What device does the authentication originate from? An IOS router?


4.2 is the ACS version I assume. The configuration should be done on the NAS device, not on the ACS server. Once the changes has been done on the NAS device, you would need to configure the correct ip address on the ACS server with the ip address of the interface you use for that NAS device.

FHGE-Renneberg Wed, 05/12/2010 - 06:57
User Badges:

At least it looks like this:



Client   ------------> Lightweight Access Point  ----------------> WiSM --------X--------------> Radius Server


The WISM is Firmware is state 4.2 and the RADIUS Server is configured in the AAA setting as the Authentication Server and the Accounting Server.


The WISM has multiple Interfaces factoy default: Managment, ap-manager, service-port and virtual

                    we added the interface test-Radius which is configured with the WLAN the Client connects to.


In the Trap view i can see that the Controller cannot reach the Radius Server.


I think the Controller uses the Interface management to get contact to the Radius.

But the Radius is only reachable over the test-Radius interface.


Can somebody tell me where i configure the controller to use the client interface "test-radius" to get in contect to the Radius?


Best regards

Actions

This Discussion

 

 

Trending Topics - Security & Network