Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

L3 4506 RADIUS Authentication Failure

I have going through implementing a windows based RADIUS Server for ciso device logins. I am having difficulty getting our 4506 to authenticate using the RADIUS server.

Config:

aaa new-model

radius-server host 192.168.0.3 auth-port 1812 acct-port 1813

radius-server key 7 xxxxxxxxxxxxxxxxxxxxxxxx

aaa authentication login default group radius local

IOS: cat4500e.entservicesk9-mz.151-2.sg.bin

I have tried changing the auth-port and acct-port to the default 1645 and 1646 with no luck. I have been successful with all other L2 switches within our network but have been unable to get the 4506 to authorize and authenticate using the RADIUS server. Any suggestions?

I also have 2 IMB BladeCenter CB31X0 switches which are cisco switches that are not authenticating through the RADIUS server. It also has the same config as the 4506.

3 REPLIES
Hall of Fame Super Silver

L3 4506 RADIUS Authentication Failure

I have a couple of questions/suggestions and hope that some might be helpful in identifying the issue.

- have you checked IP connectivity between the switch and the Radius server?

- is it possible that there is a firewall or some other device filtering traffic that is not allowing the request to get through to the server - or the response to get back to the switch?

- are there logs on the Radius server that indicate that the server saw the authentication request? And if so what do the logs say the server did about the request?

- is it possible that the Radius server is not correctly configured to recognize this switch as a valid client for authentication?

- is it possible that there is more than one path from the switch to the server and that the switch is not using the IP address as source of the request that you expected? (which would make it appear to be an invalid client to the server)

HTH

Rick

New Member

L3 4506 RADIUS Authentication Failure

Rick,

Thanks for the reply. The RADIUS server is directly connected to the 4506 and I am able to ping the server. There is no firewall or any other device filtering traffic. The logfile on the server is not showing any request from the 4506. I have configured the server the same way for each of the switches within the network and the 4506 is the only one having issues access the RADIUS server. Since the server is directly connected to the 4506 there is only one path to the server.

Hall of Fame Super Silver

L3 4506 RADIUS Authentication Failure

Thanks for the additional information. You have pretty well addressed the questions/suggestions that I raised. So I would suggest that now might be the time to turn on debugging for aaa authentication and for radius.

HTH

Rick

234
Views
0
Helpful
3
Replies