I am trying to set up my routers with Radius authentication to a Windows 2000 server running IAS and Routing and Remote Access. I thought I had everything set up but it is not working. Here is my router config:
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
logging buffered 8000 debugging
no logging console
aaa authentication login default group radius local
The router is not configured for remote-access yet. Also i don't see ports on the router other then AUX port (as per show run posted) which can be used for dialin remote-access. So only you can use aux port for exec dialin or PPP dialin and authentication via radius.
Pl. explain what exactly you want use this router for rempte-access. Also explain what is not working at this point so that we can help you to get it going.
All I want to do is have telnet sessions to my routers be authenticated by a Radius server. We have set up a Windows 2000 server with ISA and RAS with a NT user group that includes all the people that are allowed to access the routers. The NT user group is named Router-Admins.
We only want telnet sessions authenticated because most of our equipment is locked up so we are not worried about anyone gaining physical access. People are not actually 'dialing in' per se, we are just telnetting from workstations throughout the infrastructure.
For telnet access to the router authenticated by radius, router is configured correctly.
As per debug, you can see that the router is sending the authentication request to radius server for user "fraaschjm" but i think the radius server is rejecting a users authentication as we see status=FAIL. So i think the radius server is not configured to authenticate user "fraaschjm" OR the username or password is wrong. So i think you need to fix the radius server for that.
"Debug radius" with "debug aaa authentication" will show the exact cause of failure from radius.
Well, I finally got it to work and it was a Homer (DUH!).
My NT user dialin properties were not set. I finally went to the event viewer on my Radius NT server and saw that I did not have dial-in capabilities to the network. Needless to say, a few mouse clicks later I had configured myself to be a remote access user and things have gone smoothly ever since.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...