RADIUS authentication for SGE2010 switch

Unanswered Question
Jun 9th, 2010

I am trying to configure a SGE2010 switch to use RADIUS authentication. At the moment, the NPS (Windows Server 2008r2 RADIUS) server is receiving the access request and is returning an access accept.

The switch does not let us log in.

Cisco-sw1(config)# 09-Nov-2009 21:10:35 %AAA-W-REJECT: New telnet connection for
user [email protected], source destination   REJECTED

Note: It is printing the user's password instead of the username.

I suspect it is something to do with the cisco-AV-pair attribute. I have tried the following values but nothing works:


Shell = 15

Level = 15

Relevant lines from switch configuration:

radius-server host key [email protected]
aaa authentication enable default none
aaa authentication login default radius

Any help would be more than greatly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dtbullock Thu, 06/10/2010 - 22:25

To get some visibility into the RADIUS exchange, you could configure logging on NPS.  In the log is the name of the network policy which was ultimately used to evaluate the request.  If it selects 'Connections to other access servers' (the lowest-priority policy that functions as a 'default deny'), then you'll know that for some reason the Conditions on *your* network policy are too specific to be matched.

Bushy3008 Wed, 06/16/2010 - 17:53

The problem isn't that it is rejecting me. Using network monitor I can see it is accepting the request but for some reason just won't log me in.

A link was sent to me to another website where it show that you have to go into the settings tab of the policy and change the radius attribute

to Service-Type Administrative.

After doing that, I was able to log into the switch with any of the windows domain users I had specified.

This is the link that gave me the answer



This Discussion