aaa authentication login default group radius local
I have tried changing the auth-port and acct-port to the default 1645 and 1646 with no luck. I have been successful with all other L2 switches within our network but have been unable to get the 4506 to authorize and authenticate using the RADIUS server. Any suggestions?
I also have 2 IMB BladeCenter CB31X0 switches which are cisco switches that are not authenticating through the RADIUS server. It also has the same config as the 4506.
I have a couple of questions/suggestions and hope that some might be helpful in identifying the issue.
- have you checked IP connectivity between the switch and the Radius server?
- is it possible that there is a firewall or some other device filtering traffic that is not allowing the request to get through to the server - or the response to get back to the switch?
- are there logs on the Radius server that indicate that the server saw the authentication request? And if so what do the logs say the server did about the request?
- is it possible that the Radius server is not correctly configured to recognize this switch as a valid client for authentication?
- is it possible that there is more than one path from the switch to the server and that the switch is not using the IP address as source of the request that you expected? (which would make it appear to be an invalid client to the server)
Thanks for the reply. The RADIUS server is directly connected to the 4506 and I am able to ping the server. There is no firewall or any other device filtering traffic. The logfile on the server is not showing any request from the 4506. I have configured the server the same way for each of the switches within the network and the 4506 is the only one having issues access the RADIUS server. Since the server is directly connected to the 4506 there is only one path to the server.
Thanks for the additional information. You have pretty well addressed the questions/suggestions that I raised. So I would suggest that now might be the time to turn on debugging for aaa authentication and for radius.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...