Cisco Support Community
New Member

Problem with RADIUS and VRF in Cisco 6500

Hello,

I have the following RADIUS authentication config:

aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa session-id common
ip radius source-interface Vlan31 vrf LEGACY
radius-server host 10.10.4.18 auth-port 1645 acct-port 1646 key 7 XXXXXXXX
radius-server host 10.10.5.15 auth-port 1812 acct-port 1813 key 7 XXXXXXXX
radius-server vsa send accounting
radius-server vsa send authentication

The authentication doesn't work.

On the RADIUS server, the sniffer does not detect the packets from the Cisco 6500, but the ICMP packets from the 6500 arrive fine.

C6500# ping vrf LEGACY 10.10.4.18 SOUrce VLAN 31
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.4.18, timeout is 2 seconds:
Packet sent with a source address of 10.10.5.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

interface Vlan31
 description XXXX
 ip vrf forwarding LEGACY
 ip address 10.10.5.254 255.255.254.0
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
end

Is my configuration correct?

Can you help me?

Accepted Solutions
Cisco Employee

What version of IOS are you running on your 6500?

Try the following configuration:

aaa new-model
!
aaa group server radius RADLegacy
 server host 10.10.4.18
 server host 10.10.5.15
 ip vrf forwarding LEGACY
!
aaa authentication login default group RADLegacy local
aaa authorization exec default group RADLegacy local
!

3 REPLIES
New Member

In which VRF are you trying to enable this AAA? If it is not per-VRF AAA, then simply define the RADIUS source as Vlan31 - drop the vrf bit.

New Member

Hello,

The problem is solved.

I had to include the following configuration:

aaa new-model
aaa group server radius RADIUS-GESTION
aaa authentication login default group RADIUS-GESTION local
aaa authorization exec default group RADIUS-GESTION local
ip vrf forwarding GESTION
radius-server host 10.10.5.15 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXX
radius-server host 10.10.4.18 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXX
radius-server vsa send accounting
radius-server vsa send authentication

Thanks for the help.
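
Added example (not part of the original thread, and not Cisco tooling): a small Python check for the mismatch discussed above, where the RADIUS source interface sits in a VRF but the AAA method lists point at a server group that is not bound to that VRF. The function names `parse` and `audit` are hypothetical, the sample configs are constructed from the lines posted in the thread, and keeping the original poster's global `ip radius source-interface` line in the suggested config is an assumption.

```python
import re

def parse(config):
    """Return (interface->VRF, radius group->VRF, AAA method lines, source interface)."""
    if_vrf, grp_vrf, methods, src, ctx = {}, {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # unindented line: global command, new context
            ctx = None
            if m := re.match(r"interface (\S+)", line, re.I):
                ctx = (if_vrf, m[1].lower())
            elif m := re.match(r"aaa group server radius (\S+)", line):
                ctx = (grp_vrf, m[1])
            elif m := re.match(r"aaa (?:authentication|authorization) .*\bgroup (\S+)", line):
                methods.append((line, m[1]))
            elif m := re.match(r"ip radius source-interface (\S+)", line, re.I):
                src = m[1].lower()
        elif ctx and (m := re.match(r"ip vrf forwarding (\S+)", line)):
            ctx[0][ctx[1]] = m[1]         # sub-command of the current interface/group block
    return if_vrf, grp_vrf, methods, src

def audit(config):
    """Flag AAA method lists whose RADIUS group is not bound to the source interface's VRF."""
    if_vrf, grp_vrf, methods, src = parse(config)
    vrf = if_vrf.get(src)
    if vrf is None:                       # source interface unknown or in the global table
        return []
    # The built-in "radius" group never appears in grp_vrf, so it is always flagged here.
    return [f"{line!r}: group {group} is not in VRF {vrf}"
            for line, group in methods if grp_vrf.get(group) != vrf]

# Constructed samples assembled from the configurations posted in the thread.
INTERFACE = """interface Vlan31
 ip vrf forwarding LEGACY
 ip address 10.10.5.254 255.255.254.0
"""
ORIGINAL = INTERFACE + """aaa authentication login default group radius local
aaa authorization exec default group radius local
ip radius source-interface Vlan31 vrf LEGACY
"""
SUGGESTED = INTERFACE + """aaa group server radius RADLegacy
 server host 10.10.4.18
 server host 10.10.5.15
 ip vrf forwarding LEGACY
aaa authentication login default group RADLegacy local
aaa authorization exec default group RADLegacy local
ip radius source-interface Vlan31 vrf LEGACY
"""
```

`audit(ORIGINAL)` reports both method lists, while `audit(SUGGESTED)` returns an empty list. The parser relies on running-config indentation, so it expects sub-commands to be indented under their `interface` or `aaa group server` line.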
