Radius on 2960 and 2955

Unanswered Question
Apr 4th, 2012
User Badges:

Hello,


I'm about to configure radius on a 2960 and 2955 switch as I have been testing this on a 1841 router and to my dismay I can't see the options to configure radius, do these L2 switches not supoprt radius?


edit - apoligies I forgot the "aaa new-model" all ok now


Although when I added:


radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789

radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789

radius-server vsa send accounting
radius-server vsa send authentication


I got this:


Warning: This CLI will be deprecated soon. Please move to radius server <name> CLI.


What is this? And what woudl the above look like if I configured it that way?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fsebera Wed, 04/04/2012 - 12:20
User Badges:
  • Bronze, 100 points or more

The warning message just indicates the new(er) version of IOS will probably not support this feature Eg. radius-server NAME.  The newer version is yet to be available from Cisco. The warning message is allowing you time to migrate to a more supportable configuration (you know, research for a better way to perform your task).

:

If you never upgrade this box, you are fine.

HTH

Frank

Andy White Wed, 04/04/2012 - 12:49
User Badges:

Isn't it saying the opposite?  That we should start using Radius-server NAME?


If so what woudl my above config look if migrated, as I'd like to start using it?


Thanks

fsebera Fri, 04/06/2012 - 18:06
User Badges:
  • Bronze, 100 points or more

Hi Andy,

I would guess it depends on which command caused the notice message. From the output, it's not clear which command provided the notice. But at any rate, you are fine for now as the message in referring to a future release.


Frank

Andy White Sat, 04/07/2012 - 00:46
User Badges:

Thanks


I think I would need to use something like this as it accepts it:


Radius server London1

radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789


Radius server London2

radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789


Can see the point so will stick to what we have been using for years.

gschmitt.ngit Thu, 06/28/2012 - 14:49
User Badges:

The new command set is indeed like this:


radius server AAAISE1

address ipv4 10.19.250.50 auth-port 1812 acct-port 1813

key 7 01115506555E172F32

!

radius server AAAISE2

address ipv4 10.19.250.51 auth-port 1812 acct-port 1813

key 7 130744101444150A38


Same stuff, different format. You could think of it like the format for extended IP ACLs.

boclay Tue, 12/04/2012 - 10:32
User Badges:
  • Cisco Employee,

Hi Andy,


I've been tracking this issue with our documentation team. They have recently added the "radius server name" command to the latest security command reference for IOS 15.3 M&T.


You can find this information by going to this link...

http://www.cisco.com/en/US/products/ps12745/prod_command_reference_list.html


When you get to this link, scroll down to the Security, Services and VPN section. Next click on Cisco IOS Security Command Reference: Commands M to R. From there can find a link to the radius server command.


Bob

Actions

This Discussion