Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Radius configuration

I am looking for the basic bare-bones radius configuration for a 3750. radius server is listening on ports 1812-1813 Just enough to have a client authenticate. also need the vty line config. I am usre tyhe problem is on the radius server end but I just want to confirm. also if anyway to test the config.

10 REPLIES

Re: Radius configuration

This should do it

aaa new-model

aaa authentication login default local group radius

radius-server host x.x.x.x auth-port 1812 acct-port 1813

You can also try running debug radius authentication to help identify any issues.

New Member

Re: Radius configuration

Thanks. do I need anything on the vty lines

Re: Radius configuration

No you should not need to but you can set

login authentication

under your line config but it is not always needed.

New Member

Re: Radius configuration

Just one more question. So do I neen to set a key.

Re: Radius configuration

You dont need a key, that depends on your radius server software but I would recommend you use one. The command is :-

radius-server key 0 thisismykey

Other useful commands are below:-

ip radius source-interface

radius-server timeout 10

New Member

Re: Radius configuration

here is the bare-bones config I am running. i included line that I thoughtw ere pertinent to radius. Do you think I am missing anything?

-service password-encryption

-enable password

-username letmein password 7

-aaa new-model

-aaa authentication login default local group radius

-radius-server host x.x.x.x auth-port 1812 acct-port 1813

-radius-server source-ports 1645-1646

-radius-retransmit 10

line con 0

line vty 5 15

Re: Radius configuration

Looks good to me, what do you get in the output of debug radius authentication ?

Also, no disrespect intended, but you can ping the radius server and the software is running and listening on the right ports?

New Member

Re: Radius configuration

I can ping the radius host from the switch and I have tried to ping the port using ping x.x.x.x 1812 and ping x.x.x.x 1813 from the switch and other locations in the same network but I do not get an answer. In the debug output I get.

radius protocol debugging is on

radius protocol brief debugging is off

radius protocol verbose debugging is on

radius packet hex dump debugging is off

radius packet protocol authentication debugging is on

radius packet protocol accounting debugging is off

radius elog debugging is off

radius server fail-over debugging is off

Re: Radius configuration

If you are connected to your device via telnet and you have turned on radius authentication debugging, type terminal monitor at priv exec mode:

hostname#terminal monitor

this will redirect the debug (log) messages to your vty session. Once you have done this, start another session and try to authenticate, but do not use the username letmein as you have chosen to do local auth first and radius second, letmein is defined in the local database. Try a username that is not defined locally but is instead configured on your radius server and then watch for the output on the screen to get a clue as to why it is failing.

New Member

Re: Radius configuration

That helped allot. I believe things on my end are set up correctly. I am setting up the switch part. Someone else is doing the radius server end. I am trying to help them out if I can. Debugging shows me that there is no response from server, tried all servers. the switch is trying to go out and query the ip of the radius server but it is not getting a response.

440
Views
15
Helpful
10
Replies
CreatePlease to create content