Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA authorization of SF302-08MPP issue

Hi

I'm having an issue with getting RADIUS working on a SF 302-08MPP. RADIUS server is working fine with other switch ie cat2960's. I keep getting the following error when I attempt to login using AD credentials, which work on my other switches.

Invalid user or password at the login screen and in the switch RAM logs the below log entry.

Warning     %AAA-W-REJECT: New https connection, source <ip address> destination <ip address>  REJECTED

I'm not seeing any errors on the NPS (Windows 2008 R2 ent server)

Under Security=>RADIUS I've used most of the default setting and match them on the NPS(RADIUS) server.

The active access profile is one I created for HTTPS, and my PC is the device permitted.

Is there anything I'm missing? Any thoughts?

Thanks

John

 

 

 

 
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Hi, According to the

Hi,

 

According to the configuration guide http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

"For the RADIUS server to grant access to the web-based configuration utility, the
RADIUS server must return "cisco-avpair = shell:priv-lvl=15."

 

So you need to make sure along with "access-accept" the server is returning the value to provide GUI access to users.

 

Here's few links which might help:

https://supportforums.cisco.com/discussion/10687961/windows-2008-nps-radius-and-aaa

http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure

 

Regards,

Kush

2 REPLIES
Bronze

Hi, According to the

Hi,

 

According to the configuration guide http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

"For the RADIUS server to grant access to the web-based configuration utility, the
RADIUS server must return "cisco-avpair = shell:priv-lvl=15."

 

So you need to make sure along with "access-accept" the server is returning the value to provide GUI access to users.

 

Here's few links which might help:

https://supportforums.cisco.com/discussion/10687961/windows-2008-nps-radius-and-aaa

http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure

 

Regards,

Kush

New Member

Thanks, missed that.

Thanks, missed that.

82
Views
0
Helpful
2
Replies
CreatePlease to create content