Cisco Support Community

New Member

specifying keys for multiple radius server groups

Any pointers as to how to assign radius keys to multiple radius server groups on 2950 switches running ios 12.1.22.ea9? I need to be able to authenticate to an RSA radius server for access to the switch itself as well as doing 802.1x authentication for switchports.

The config for the radius server groups looks like:

aaa group server radius cons-login
 server xx.xx.xx.xx auth-port 1812 acct-port 1813
 server xx.xx.xx.xx auth-port 1812 acct-port 1813
!
aaa group server radius portsec
 server xx.xx.xx.xx auth-port 1645 acct-port 1646
 server xx.xx.xx.xx auth-port 1645 acct-port 1646

The command "radius server key xxxx" does not appear in the running config unless radius-server hosts are defined, e.g.:

"radius-server host xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxx"

2 REPLIES
New Member

Re: specifying keys for multiple radius server groups

That is how you do it: by specifying the radius server hosts.

1. Specifies and defines the IP address of the server host before configuring the AAA server-group.

Router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] [alias {hostname | ip address}]

2. Defines the AAA server group with a group name. All members of a group must be the same type;

Router(config)# aaa group server {radius | tacacs+} group-name

3. Associates a particular RADIUS server with the defined server group. Each security server is identified by its IP address and UDP port number.

Repeat this step for each RADIUS server in the AAA server group.

Router(config-sg)# server ip-address [auth-port port-number] [acct-port port-number]

Let me know if it doesn't work.

SD
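
An added example, not part of the original thread or of Cisco's documentation: a Python check of a saved running-config that flags any server-group member with no matching radius-server host entry (same address and ports), or whose host entry has no key while no global radius-server key is set. The sample config, addresses and keys are constructed, and the 1645/1646 port defaults for lines that omit the ports are an assumption of this sketch.

```python
import re

# Constructed sample config: documentation-range addresses, placeholder keys.
SAMPLE_CONFIG = """\
aaa group server radius cons-login
 server 192.0.2.10 auth-port 1812 acct-port 1813
 server 192.0.2.11 auth-port 1812 acct-port 1813
!
aaa group server radius portsec
 server 192.0.2.20 auth-port 1645 acct-port 1646
 server 192.0.2.21 auth-port 1645 acct-port 1646
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-KEY-A
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813
radius-server host 192.0.2.20 auth-port 1645 acct-port 1646 key EXAMPLE-KEY-B
"""
PORTS = r"(?: auth-port (\d+))?(?: acct-port (\d+))?"
HOST_RE = re.compile(r"^radius-server host (\S+)" + PORTS + r"(.*)$")
SERVER_RE = re.compile(r"^\s+server (\S+)" + PORTS + r"\s*$")
GROUP_RE = re.compile(r"^aaa group server radius (\S+)\s*$")
GLOBAL_KEY_RE = re.compile(r"^radius-server key \S")

def endpoint(m):
    # A server is identified by address plus UDP ports; 1645/1646 assumed when omitted.
    return (m[1], m[2] or "1645", m[3] or "1646")

def audit_radius_groups(config):
    """Return (group, endpoint, problem) for group members lacking a usable host entry."""
    lines = config.splitlines()
    has_global_key = any(GLOBAL_KEY_RE.match(l) for l in lines)
    # Pass 1: host definitions, mapped to whether the line carries its own key.
    hosts = {endpoint(m): bool(re.search(r"\bkey \S", m[4]))
             for m in map(HOST_RE.match, lines) if m}
    # Pass 2: check every member of every RADIUS server group against them.
    findings, group = [], None
    for line in lines:
        g, s = GROUP_RE.match(line), SERVER_RE.match(line)
        if g:
            group = g[1]
        elif s and group:
            ep = endpoint(s)
            if ep not in hosts:
                findings.append((group, ep, "no radius-server host entry"))
            elif not hosts[ep] and not has_global_key:
                findings.append((group, ep, "host entry has no key"))
        elif not line.startswith(" "):
            group = None  # left the server-group block
    return findings

if __name__ == "__main__":
    for finding in audit_radius_groups(SAMPLE_CONFIG):
        print(finding)
```
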

New Member

Re: specifying keys for multiple radius server groups

Ahhh, works as advertised. Thanks much. As usual, the docs make more sense after things work rather than while you're trying to figure out what they are actually saying.

Cheers!

--Scott
