Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

AAA/Radius failures

Have a couple of switches setup for AAA/Radius (Microsoft IAS running Radius). All authentication fails when I configure it with a radius key (matching on switch and server).

When I remove the key, I still cant authenticate with my domain credentials, and can only authenticate using the local admin password configured on the switch on a few occasions.

To get back into the switch I have to stop the IAS service on the Microsoft Radius server, log into the switch with the local admin password, before restarting the IAS service.

How can I make AAA/Radius work effectively.

3 REPLIES
Hall of Fame Super Gold

Re: AAA/Radius failures

Mark

There are several things that you might do:

- reconfigure a switch and reconfigure the Radius server for that switch to eliminate the possibility of configuration mismatch. I would be sure to key in clear text keys rather than cut and paste some encrypted value which you assume will be the same on both ends.

- look on the server to see if there are any log entries that indicate that it saw authentication requests and why they failed.

- run debugs on the switches to see what they are reporting.

HTH

Rick

Community Member

Re: AAA/Radius failures

I switch wasnt giving a clear reason in the event log apart from saying that there was an authentication failure. After reconfiguring the switches over and still getting failures I stopped the IAS service for about 5 mins, which is a rather long time, but after restarting the IAS service the switches responded, so it was more of a Microsoft IAS end of a problem

Hall of Fame Super Gold

Re: AAA/Radius failures

Mark

That is an interesting resolution to the problem and one that I would probably have been slow to think of. I will file this away for future reference.

HTH

Rick

136
Views
0
Helpful
3
Replies
CreatePlease to create content