This is my radius config.....

bdl_reseaux · ‎03-18-2014

Hi everyone,

I am currently struggling at having my radius server working on my Nexus 5548.

To make it short and clear (hopefully) :

The internal core network is made up of a bunch of Nexus 7k with out of band management through vlan interfaces and a dedicated vrf :

172.30/16 ; vrf context netmgmt

I am setting up a Nexus 5k in the DMZ and the traffic between the 7k and this 5k is hence cut. To keep on managing all the switches with ease I connected the management interface to one of the Nexus with the following configuration :

interface mgmt 0

vrf member management

ip address 172.30.10.70/16

(On the 7k side, the port is an access port)

Everything but the radius config is working fine (the radius servers are actually working as other switches are already bond to them) :

radius-server key 7 xxxxx

radius-server host 172.30.10.30 authenticating accounting

radius-server host 172.30.40.30 authenticating accounting

aaa group server radius Radius

server 172.30.10.30

server 172.30.40.30

use-vrf management

Anything wrong or that I have overlooked ?

Thanks for your help.

mikegrous · ‎03-18-2014

This is my radius config...... on a 5K

radius-server timeout 7
radius-server host 10.28.42.20 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
radius-server host 10.28.42.21 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius Radius-Servers
server 10.28.42.20
server 10.28.42.21
aaa authentication login default group Radius-Servers
ip radius source-interface Vlan1
aaa authentication login default fallback error local

And it is currently working. On the radius server i also had to do this to make the users admins once logged in:

https://supportforums.cisco.com/document/137181/nexus-integration-admin-access-free-radius

Marvin Rhoads · ‎03-18-2014

Try adding "ip radius source-interface mgmt0".

Radius config on Nexus 5548