Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Public Key & Radius

As several documents mention, it should be possible to authenticate on a switch via radius with a public key.

For example http://freeradius.1045715.n5.nabble.com/SSH-to-Cisco-Devices-td5714654.html

I tried several ways, for example

aaa group server radius RadiusServer

     server-private <IP> auth-port 1812 acct-port 1813 key 7 <KE>

aaa authentication attempts login 2

aaa authentication login default group RadiusServerlocal

aaa authorization exec default group RadiusServer if-authenticated

But the switch always displays the password prompt and I always got the message

Info: [eap] No EAP-Message, not doing EAP

Any Idea what to change?

1 REPLY
New Member

Public Key & Radius

Interesting the Forum killed my code

My example was:

aaa group server radius RadiusServer

server-private auth-port 1812 acct-port 1813 key 7

aaa authentication login default group RadiusServer local

aaa authorization exec default group RadiusServer local

radius-server attribute 6 on-for-login-auth

radius-server vsa send authentication

145
Views
0
Helpful
1
Replies
CreatePlease to create content