Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Radius and Windows Server/2008

I am trying to use Radius for Port-Security on a Catalyst 3560; the Radius-Server is a Windows Server/2008.

I am not able to get authenticating.

This is the Configuration of the Switch:

SW-SEDE#sh run

Building configuration...

Current configuration : 2845 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname SW-SEDE

!

enable password cisco

!

username cisco privilege 15 password 0 cisco

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa accounting network default start-stop group radius

!

aaa session-id common

ip subnet-zero

ip routing

!

!

!

!

dot1x system-auth-control

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

switchport mode access

!

(omissis)

!

interface GigabitEthernet0/12

switchport mode access

dot1x pae authenticator

dot1x port-control auto

!

(omissis)

!

interface Vlan1

description VLAN-DEFAULT

ip address 192.168.1.254 255.255.255.0

!

interface Vlan2

description VLAN-2

ip address 192.168.2.254 255.255.255.0

!

interface Vlan3

description RESTRICTED

ip address 192.168.3.254 255.255.255.0

!

interface Vlan99

description VLAN-Router

ip address 192.168.99.1 255.255.255.0

!

ip default-gateway 192.168.99.254

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.99.254

ip http server

!

radius-server cache expiry 1

radius-server host 192.168.1.11 auth-port 1812 acct-port 1813

radius-server key tantovalagattaallardoche

!

control-plane

!

And this is the DEBUG output:

16:31:52: AAA/BIND(00000018): Bind i/f

16:31:52: AAA/AUTHEN/19 (00000018): Pick method list 'default'

16:31:52: RADIUS: AAA Unsupported [161] 19

16:31:52: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]

16:31:52: RADIUS: 2F [/]

16:31:52: RADIUS(00000018): Storing nasport 50012 in rad_db

16:31:52: RADIUS(00000018): Config NAS IP: 0.0.0.0

16:31:52: RADIUS/ENCODE(00000018): acct_session_id: 22872064

16:31:52: RADIUS(00000018): sending

16:31:52: RADIUS/ENCODE: Best Local IP-Address 192.168.1.254 for Radius-Server 192.168.1.11

16:31:52: RADIUS(00000018): Send Access-Request to 192.168.1.11:1812 id 21645/28, len 127

16:31:52: RADIUS: authenticator 7D 49 7D A6 E3 2F AD 22 - 8E E2 8F A8 55 95 6E AA

16:31:52: RADIUS: User-Name [1] 8 "user01"

16:31:52: RADIUS: Service-Type [6] 6 Framed [2]

16:31:52: RADIUS: Framed-MTU [12] 6 1500

16:31:52: RADIUS: Called-Station-Id [30] 19 "00-1B-0C-8F-93-0C"

16:31:52: RADIUS: Calling-Station-Id [31] 19 "00-09-6B-0C-86-9F"

16:31:52: RADIUS: EAP-Message [79] 13

16:31:52: RADIUS: 02 02 00 0B 01 75 73 65 72 30 31 [?????user01]

16:31:52: RADIUS: Message-Authenticato[80] 18

16:31:52: RADIUS: E8 D5 38 63 79 AF 23 B6 9E 75 9D 6E 2E 18 DE EB [??8cy?#??u?n.???]

16:31:52: RADIUS: NAS-Port [5] 6 50012

16:31:52: RADIUS: NAS-Port-Type [61] 6 Eth [15]

16:31:52: RADIUS: NAS-IP-Address [4] 6 192.168.1.254

16:31:58: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28

16:32:04: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28

16:32:09: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28

16:32:15: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.11:1812,1813 is not responding.

16:32:15: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.11:1812,1813 has returned.

16:32:15: RADIUS: No response from (192.168.1.11:1812,1813) for id 21645/28

16:32:15: RADIUS/DECODE: parse response no app start; FAIL

16:32:15: RADIUS/DECODE: parse response; FAIL

Some HELP?

2 REPLIES

Re: Radius and Windows Server/2008

It seems that Radius is not responding to the request. Make sure secret key is same and there is no firewall in between blocking radius traffic.

Regards,

~JG

Re: Radius and Windows Server/2008

Also check the listening ports of your server.

651
Views
0
Helpful
2
Replies
CreatePlease to create content