I am looking for the basic bare-bones RADIUS configuration for a 3750. The RADIUS server is listening on ports 1812-1813. Just enough to have a client authenticate. I also need the vty line config. I am sure the problem is on the RADIUS server end but I just want to confirm. Also, is there any way to test the config?
This should do it
aaa authentication login default local group radius
radius-server host x.x.x.x auth-port 1812 acct-port 1813
You can also try running debug radius authentication to help identify any issues.
You don't need a key; that depends on your RADIUS server software, but I would recommend you use one. The command is:
radius-server key 0 thisismykey
Other useful commands are below:
ip radius source-interface
radius-server timeout 10
Here is the bare-bones config I am running. I included the lines that I thought were pertinent to RADIUS. Do you think I am missing anything?
-username letmein password 7
-aaa authentication login default local group radius
-radius-server host x.x.x.x auth-port 1812 acct-port 1813
-radius-server source-ports 1645-1646
line con 0
line vty 5 15
Looks good to me. What do you get in the output of debug radius authentication?
Also, no disrespect intended, but you can ping the radius server and the software is running and listening on the right ports?
I can ping the RADIUS host from the switch, and I have tried to ping the port using ping x.x.x.x 1812 and ping x.x.x.x 1813 from the switch and other locations in the same network, but I do not get an answer. In the debug output I get:
radius protocol debugging is on
radius protocol brief debugging is off
radius protocol verbose debugging is on
radius packet hex dump debugging is off
radius packet protocol authentication debugging is on
radius packet protocol accounting debugging is off
radius elog debugging is off
radius server fail-over debugging is off
If you are connected to your device via telnet and you have turned on radius authentication debugging, type terminal monitor at priv exec mode:
This will redirect the debug (log) messages to your vty session. Once you have done this, start another session and try to authenticate, but do not use the username letmein: you have chosen to do local auth first and RADIUS second, and letmein is defined in the local database. Try a username that is not defined locally but is instead configured on your RADIUS server, and then watch for the output on the screen to get a clue as to why it is failing.
That helped a lot. I believe things on my end are set up correctly. I am setting up the switch part. Someone else is doing the RADIUS server end. I am trying to help them out if I can. Debugging shows me that there is no response from the server; it tried all servers. The switch is trying to go out and query the IP of the RADIUS server but it is not getting a response.