Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Hall of Fame Super Silver

Trying to authenticate managment users via IAS Radius

I'm trying to setup my switches to authenticate users via Microsoft IAS to allow for management. I have followed may links I have found on the web, but I get a failure for some reason.

IAS shows the user has been granted access but the switch shows % Authentication failed.

I have this setup on one of my switches:

aaa new-model

aaa authentication login default group radius local

aaa session-id common

radius-server host 10.52.10.4 auth-port 1812 acct-port 1813

radius-server key test

line vty 0 15

login authentication default

On the IAS remote policy I created, on the Advanced tab, I have tried to set the service-type to login and to Administrative. Also tried to add the cisco-av-pair for shell:priv-lvl=15 and tried using vedor specific, but no go.

I have looked at these links but still no go:

http://www.forum.persianadmins.com/showthread.php?p=3017

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1d598

-Scott
*** Please rate helpful posts ***
3 REPLIES

Re: Trying to authenticate managment users via IAS Radius

I would try to run "debug radius" and see if you can get anything from that.

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Re: Trying to authenticate managment users via IAS Radius

I have used this tool extensively - Please download the test tool from this site to test the user http://www.evolynx.com/radius/dl_loadtest.aspx.

Mat

Hall of Fame Super Silver

Re: Trying to authenticate managment users via IAS Radius

Thanks for the link.... here is the debug from the switch and I will attach the IAS settings as well.

-Scott
*** Please rate helpful posts ***
137
Views
3
Helpful
3
Replies
CreatePlease to create content