Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Multiple Groups in Radius

HI all -

Quick questions that will be easy for all you experts. I am using Juniper Steel-belted Radius for Remote Access Authenticaion off of our Concentrator right now. I want to start deploying 802.1x for vlan assignment and login authentication for the network boxes.

I have been looking around here, and have deducted that Radius has difficulties when you have the same username in multiple groups. Currently, the domain group VPNUSERS is allowing remote access, and that pretty much encompasses all the 1000+ employess for the company. For login authentication, I added a check list for the VPNUSERS (to ensure not everyone can login into my switches) group on the radius server to only allow requests from that of the concentrator, but if I create a new AD group (NETADMINS), put the users that will be allowed to login to the individual network devices, add that group as a user on the radius box, I am receiving an authentication failed error.

Is this because those usernames are currently being denied because those usernames are also a part of the VPNUSERS group, which is failing authentication because the attributes don't match according to the check list? Is there anyway around this without having multiple radius server groups on the network. Thanks for the help.


Re: Multiple Groups in Radius

Not all RADIUS servers are created equal... which one are you talking about?

New Member

Re: Multiple Groups in Radius

Juniper (funk) Steel Belted Radius. v5.02

CreatePlease to create content