
AAA authorization of SF302-08MPP issue

John Trumbell
Level 1

Hi

I'm having an issue getting RADIUS working on a SF 302-08MPP. The RADIUS server is working fine with other switches, i.e. Cat2960s. I keep getting the following error when I attempt to log in using AD credentials, which work on my other switches.

"Invalid user or password" at the login screen, and in the switch RAM logs the log entry below.

Warning     %AAA-W-REJECT: New https connection, source <ip address> destination <ip address>  REJECTED

I'm not seeing any errors on the NPS (Windows 2008 R2 ent server)

Under Security => RADIUS I've used most of the default settings and matched them on the NPS (RADIUS) server.

The active access profile is one I created for HTTPS, and my PC is the device permitted.

Is there anything I'm missing? Any thoughts?

Thanks

John

Accepted Solutions

kushsriva
Level 1

Hi,

According to the configuration guide http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

"For the RADIUS server to grant access to the web-based configuration utility, the RADIUS server must return 'cisco-avpair = shell:priv-lvl=15'."

So you need to make sure that, along with the "access-accept", the server is returning the value to provide GUI access to users.

Here are a few links which might help:

https://supportforums.cisco.com/discussion/10687961/windows-2008-nps-radius-and-aaa

http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure

Regards,

Kush


John Trumbell
Level 1

Thanks, missed that.