Public Key & Radius

Christoph Faber
Level 1

As several documents mention, it should be possible to authenticate on a switch via RADIUS with a public key.

For example http://freeradius.1045715.n5.nabble.com/SSH-to-Cisco-Devices-td5714654.html

I tried several ways, for example

aaa group server radius RadiusServer

     server-private <IP> auth-port 1812 acct-port 1813 key 7 <KE>

aaa authentication attempts login 2

aaa authentication login default group RadiusServer local

aaa authorization exec default group RadiusServer if-authenticated

But the switch always displays the password prompt and I always got the message

Info: [eap] No EAP-Message, not doing EAP

Any idea what to change?

Christoph Faber
Level 1

Interesting, the forum killed my code.

My example was:

aaa group server radius RadiusServer

server-private auth-port 1812 acct-port 1813 key 7

aaa authentication login default group RadiusServer local

aaa authorization exec default group RadiusServer local

radius-server attribute 6 on-for-login-auth

radius-server vsa send authentication
