Solved: urgent: can't logon to switch after conf microsoft Radius for logon

paulnigel · ‎07-17-2006

Hi forum,

i can't logon to my switch after configuring logon with microsoft Radius, my configuration is as follow:

username nwadmin privilege 15 password 7

username yeopaul privilege 15 password 7

aaa new-model

aaa authentication login default group XXXRADIUS local enable

aaa group server radius XXXRADIUS

server X.X.X.X

radius-server host X.X.X.X auth-port 1645 acct-port 1646 timeout 60 retransmit 3 key XXXXX

=====================================

on the microsoft radius server, i can see from the security event that the authentication is successful. However, the system event show the logon fail, reason : the user attempt to use an authentication method that is not enabled on the matching remote access policy.

how do I recover the switch's access?(it is my core switch running HSRP with another)

what could be the cause of this problem?

Appreciate your help.

Thanks and Best regards,

Paul

wong34539 · ‎07-24-2006

I suspect that Remote access policy is not configured on the IAS server. Please follow the link to create the remote access policy:

http://technet2.microsoft.com/WindowsServer/en/Library/89772aab-db97-47a7-b806-042061189fa61033.mspx?mfr=true

View solution in original post

wong34539 · ‎07-24-2006

I suspect that Remote access policy is not configured on the IAS server. Please follow the link to create the remote access policy:

http://technet2.microsoft.com/WindowsServer/en/Library/89772aab-db97-47a7-b806-042061189fa61033.mspx?mfr=true

paulnigel · ‎07-24-2006

Thanks much Wong,

it resolved my issue. Cisco is actually using pap so i alter the policy to use pap, then it goes through.

somehow i don't understand why even after i shutdown the Radius server, the switches still do not refer to the local user database for authentication, but when i did the same thing on my ASA, it does work.

Thanks and regards,

paul