Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot login to the Cisco Catalyst 6500 Series switch, and the RADIUS authentication server cannot authenticate users

Core issue

This issue occurs due to the presence of Cisco bug ID CSCse02550.

On the Supervisor 720B in the Cisco Catalyst 6509 Switch, users try to login to the switch through authentication against a Remote Authentication Dial-In User Service (RADIUS) server. The RADIUS server is located on the inside interface of the switch. The setup works fine for the Terminal Access Controller Access Control System (TACACS) server on the Cisco 7206VXR Router. However, per virtual route forwarding (per-VRF) TACACS support is not in the Cisco Catalyst 6500 software.

The per-VRF RADIUS is supported in Cisco Catalyst 6500 software.

Resolution

As a workaround, configure the RADIUS source-loopback in global configuration mode rather than as part of the authentication server group.

In order to achieve this, configure the ip radius source-interface <  lo1  > vrf  < vrf1 > command.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:08 PM
Updated by:
 
Labels (1)
Everyone's tags (4)
Comments
New Member

Also if achievable via the aaa group server command.

Example:

aaa group server radius example_group (unique name for example)

server-private 10.10.10.10 auth-port 1645 acct-port 1646 key "Insert Key"

server-private ..... (add another server)

ip vrf forwarding "name of vrf"

ip radius source-interface vlan10 (or whatever vlan associated with vrf)

exit above group config mode then enter:

aaa authentication login default group example_group local enable

aaa authentication enable default group example_group enable

aaa authourization console

aaa authorization exec default group example_group if-authenticated