06-12-2014 01:21 PM
Hi,
I've spent about 8 hours trying to figure out why my SG300 is not communicating with the NPS server for Radius 802.1x wired authentication.
The SG300 is brand new. I factory reset it and configured a static IP. After that I configured Radius as per the manual. I see no communication taking place between the Windows 2012 server and the switch. The server firewall is off and the server directly connects to the SG300 switch.
I'm only testing with one port (port 1) set to Auto.
This is the log when I connect the laptop that is supposed to authenticate with Windows Server 2012 NPS via Radius:
2147483642 | 2014-Jan-12 19:14:29 | Warning | %STP-W-PORTSTATUS: gi1: STP status Forwarding |
2147483643 | 2014-Jan-12 19:14:25 | Informational | %LINK-I-Up: Vlan 10 |
2147483644 | 2014-Jan-12 19:14:25 | Informational | %LINK-I-Up: gi1 |
Radius Server ports match the server entry on Cisco. I've tried 1812/1813 and 1645/1646.
I've checked for RADIUS traffic using Wireshark and I see none. :(
Here is the config for the switch:
config-file-header
switch192437
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
set system mode switch
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 10
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
dot1x system-auth-control
dot1x traps authentication failure 802.1x
dot1x traps authentication success 802.1x
hostname switch192437
encrypted radius-server key I2M2eJH2YYXToxz5eMNjsSNVazNUQjFgCJ/g1RbIB+x1FIBscccijeyuu99Flu9CT5Syy01GBcH1SP0ebXn/AfZcrMTJy/B2JXJTghWTf6iKkZSt5gAXaOuKZ8u6t2sK
radius-server host 192.168.50.14 auth-port 1645 acct-port 1646 priority 1 usage dot1.x
radius-server timeout 5
aaa accounting dot1x start-stop group radius
aaa accounting login start-stop group radius
username cisco password encrypted 2dfcb56b6e9a11f11eea5681bca745234ed13f41 privilege 15
ip ssh server
ip ssh password-auth
snmp-server server
ip name-server 192.168.50.205
!
interface vlan 1
ip address 192.168.50.246 255.255.255.0
no ip address dhcp
!
interface vlan 10
name "VLAN10"
dot1x guest-vlan
!
interface gigabitethernet1
dot1x guest-vlan enable
dot1x port-control auto
!
exit
ip default-gateway 192.168.50.1
encrypted ip ssh-client key rsa key-pair
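One way to split this problem in two is to test NPS directly from another host on the LAN, bypassing the switch. The Python below is my own added example, not code from the thread or from Cisco: it builds an RFC 2865 Access-Request (PAP, with the User-Password obfuscation from section 5.2), sends it, and checks the Response Authenticator against the shared secret. The NPS address 192.168.50.14 and switch address 192.168.50.246 are the ones from the post; the shared secret, username and password are placeholders, and the probing host must be configured on NPS as a RADIUS client with that secret.

```python
import hashlib, os, socket, struct

def _xor_stream(data, secret, authenticator, decrypt):
    # RFC 2865 s5.2: XOR each 16-byte block with MD5(secret + previous block), where
    # "previous" is the Request Authenticator first, then the prior *ciphertext* block.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev, out = (block if decrypt else result), out + result
    return out

def encode_password(password, secret, authenticator):
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")  # NUL-pad to 16n
    return _xor_stream(padded, secret, authenticator, decrypt=False)

def decode_password(encoded, secret, authenticator):
    return _xor_stream(encoded, secret, authenticator, decrypt=True).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, username, password, nas_ip, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(1, username)                                            # User-Name
             + _attr(2, encode_password(password, secret, authenticator))  # User-Password
             + _attr(4, socket.inet_aton(nas_ip)))                         # NAS-IP-Address
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))               # Code 1 = Access-Request
    return header + authenticator + attrs, authenticator

def response_authenticator(header, request_authenticator, attrs, secret):
    # RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()

def verify_response(packet, request_authenticator, secret):
    if len(packet) < 20: return False
    length = struct.unpack("!H", packet[2:4])[0]
    return packet[4:20] == response_authenticator(packet[:4], request_authenticator, packet[20:length], secret)

def probe(server, port, secret, username, password, nas_ip, timeout=5.0):
    """Return the reply code (2 Accept, 3 Reject, 11 Challenge), or None on timeout/bad authenticator."""
    request, auth = build_access_request(secret, username, password, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return reply[0] if verify_response(reply, auth, secret) else None
```

Run it as probe("192.168.50.14", 1812, b"SHARED-SECRET", b"testuser", b"testpass", "192.168.50.246") from a LAN host (the secret and credentials are placeholders). NPS silently drops requests from an unregistered RADIUS client or with a mismatched shared secret, so a timeout while the packet is visible in Wireshark points at those, whereas any verified reply, even an Access-Reject, proves the server is listening on that port.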
06-12-2014 01:30 PM
Hi, it may be possible you do not have the RADIUS priority configured correctly. I think your local login is taking precedence. You may want to check the login order to ensure it is local second to RADIUS.
06-12-2014 05:07 PM
No change. I made RADIUS the first type for HTTPS management and now I can't log in via HTTPS. No events on the server showing authentication attempts.
12-13-2014 01:04 PM
Did you find a solution?