Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8209
Views
0
Helpful
6
Replies

Radius on 2960 and 2955

Andy White
Level 3
Level 3

‎04-04-2012 08:05 AM - edited ‎03-07-2019 05:57 AM

Hello,

I'm about to configure radius on a 2960 and 2955 switch as I have been testing this on a 1841 router and to my dismay I can't see the options to configure radius, do these L2 switches not supoprt radius?

edit - apoligies I forgot the "aaa new-model" all ok now

Although when I added:

radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789

radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789

radius-server vsa send accounting
radius-server vsa send authentication

I got this:

Warning: This CLI will be deprecated soon. Please move to radius server <name> CLI.

What is this? And what woudl the above look like if I configured it that way?

Thanks

1 person had this problem
Labels:
0 Helpful
6 Replies 6

fsebera
Level 4
Level 4

‎04-04-2012 12:20 PM

The warning message just indicates the new(er) version of IOS will probably not support this feature Eg. radius-server NAME.  The newer version is yet to be available from Cisco. The warning message is allowing you time to migrate to a more supportable configuration (you know, research for a better way to perform your task).

:

If you never upgrade this box, you are fine.

HTH

Frank

0 Helpful

Andy White
Level 3
Level 3
In response to fsebera

‎04-04-2012 12:49 PM

Isn't it saying the opposite?  That we should start using Radius-server NAME?

If so what woudl my above config look if migrated, as I'd like to start using it?

Thanks

0 Helpful

fsebera
Level 4
Level 4
In response to Andy White

‎04-06-2012 06:06 PM

Hi Andy,

I would guess it depends on which command caused the notice message. From the output, it's not clear which command provided the notice. But at any rate, you are fine for now as the message in referring to a future release.

Frank

0 Helpful

Andy White
Level 3
Level 3
In response to fsebera

‎04-07-2012 12:46 AM

Thanks

I think I would need to use something like this as it accepts it:

Radius server London1

radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789

Radius server London2

radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789

Can see the point so will stick to what we have been using for years.

0 Helpful

gschmitt.ngit
Level 1
Level 1

‎06-28-2012 02:49 PM

The new command set is indeed like this:

radius server AAAISE1

address ipv4 10.19.250.50 auth-port 1812 acct-port 1813

key 7 01115506555E172F32

!

radius server AAAISE2

address ipv4 10.19.250.51 auth-port 1812 acct-port 1813

key 7 130744101444150A38

Same stuff, different format. You could think of it like the format for extended IP ACLs.

0 Helpful

boclay
Cisco Employee
Cisco Employee

‎12-04-2012 10:32 AM

Hi Andy,

I've been tracking this issue with our documentation team. They have recently added the "radius server name" command to the latest security command reference for IOS 15.3 M&T.

You can find this information by going to this link...

http://www.cisco.com/en/US/products/ps12745/prod_command_reference_list.html

When you get to this link, scroll down to the Security, Services and VPN section. Next click on Cisco IOS Security Command Reference: Commands M to R. From there can find a link to the radius server command.

Bob

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card