cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5248
Views
0
Helpful
6
Replies

Radius source-interface not working ?

Gordon Ross
Level 9
Level 9

I'm running IOS 150-2.SE2 on 3750-X switches.

In my config, I have the command:

ip radius source-interface Loopback1

but all radius requests still have the source IP address of the "nearest" interface, not the loopback interface.

Interface Loopback1 is up and is pingable from the radius server.

Any suggestions ?

Thanks,

GTG

Please rate all helpful posts.
6 Replies 6

Jatin Katyal
Cisco Employee
Cisco Employee

I couldn't find any defect on this. Have you tried some other interface?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi,

you will have to specify the source interface in global and in the server group sections (if you have server groups).

Thanks,

Tarik Admani
*Please rate helpful posts*

The only command I can see for controlling radius source address/interface is that global ip radius source-interface command.

My full AAA configuration is:

aaa new-model

!

aaa authentication login default group radius local

aaa authorization exec default group radius if-authenticated

aaa authorization network default group radius

aaa accounting exec default start-stop group radius

aaa accounting system default start-stop group radius

...

ip radius source-interface Loopback1

...

radius server radius1

address ipv4 192.168.1.1 auth-port 1812 acct-port 1813

key 7

GTG

Please rate all helpful posts.

Hi,

I don't know if a solution was found but I have the same issue that my Cisco 2960XR is not using the source-interface. It is like it is ignoring the command. Configuration is working fine with all our other Cisco devices.

Running ver - 15.0.(2) EX5 and cannot see anything on any bug lists.

Any suggestions?

Thank you

I just ran into a similar issue with a Catalyst 3650 (WS-C3650-48PS) running 16.3.7

 

After doing some digging i found that the ip radius source-interface command within the AAA radius group was being ignored. Once I configured this ip radius source-interface globally and removed the AAA radius group specific source things started working as expected.

robert.l.kraft
Level 1
Level 1

Super old thread but if anyone runs into this problem the likely culprit is the use of VRFs. See the following link.

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/113666-tg-ios-per-vrf-00.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: