https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162012#M373457 <P>I am trying to use Radius for Port-Security on a Catalyst 3560; the Radius-Server is a Windows Server/2008.</P><P></P><P>I am not able to get authenticating.</P><P></P><P>This is the Configuration of the Switch:</P><P></P><P>SW-SEDE#sh run</P><P>Building configuration...</P><P></P><P>Current configuration : 2845 bytes</P><P>!</P><P>version 12.2</P><P>no service pad</P><P>service timestamps debug uptime</P><P>service timestamps log uptime</P><P>no service password-encryption</P><P>!</P><P>hostname SW-SEDE</P><P>!</P><P>enable password cisco</P><P>!</P><P>username cisco privilege 15 password 0 cisco</P><P>aaa new-model</P><P>aaa authentication dot1x default group radius</P><P>aaa authorization network default group radius</P><P>aaa accounting network default start-stop group radius</P><P>!</P><P>aaa session-id common</P><P>ip subnet-zero</P><P>ip routing</P><P>!</P><P>!</P><P>!</P><P>!</P><P>dot1x system-auth-control</P><P>no file verify auto</P><P>spanning-tree mode pvst</P><P>spanning-tree extend system-id</P><P>!</P><P>vlan internal allocation policy ascending</P><P>!</P><P>interface GigabitEthernet0/1</P><P> switchport mode access</P><P>!</P><P>(omissis)</P><P>!</P><P>interface GigabitEthernet0/12</P><P> switchport mode access</P><P> dot1x pae authenticator</P><P> dot1x port-control auto</P><P>!</P><P>(omissis)</P><P>!</P><P>interface Vlan1</P><P> description VLAN-DEFAULT</P><P> ip address 192.168.1.254 255.255.255.0</P><P>!</P><P>interface Vlan2</P><P> description VLAN-2</P><P> ip address 192.168.2.254 255.255.255.0</P><P>!</P><P>interface Vlan3</P><P> description RESTRICTED</P><P> ip address 192.168.3.254 255.255.255.0</P><P>!</P><P>interface Vlan99</P><P> description VLAN-Router</P><P> ip address 192.168.99.1 255.255.255.0</P><P>!</P><P>ip default-gateway 192.168.99.254</P><P>ip classless</P><P>ip route 0.0.0.0 0.0.0.0 192.168.99.254</P><P>ip http server</P><P>!</P><P>radius-server cache expiry 1</P><P>radius-server host 192.168.1.11 auth-port 1812 acct-port 1813</P><P>radius-server key tantovalagattaallardoche</P><P>!</P><P>control-plane</P><P>!</P><P></P><P></P><P>And this is the DEBUG output:</P><P></P><P>16:31:52: AAA/BIND(00000018): Bind i/f</P><P>16:31:52: AAA/AUTHEN/19 (00000018): Pick method list 'default'</P><P>16:31:52: RADIUS: AAA Unsupported [161] 19</P><P>16:31:52: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]</P><P>16:31:52: RADIUS: 2F [/]</P><P>16:31:52: RADIUS(00000018): Storing nasport 50012 in rad_db</P><P>16:31:52: RADIUS(00000018): Config NAS IP: 0.0.0.0</P><P>16:31:52: RADIUS/ENCODE(00000018): acct_session_id: 22872064</P><P>16:31:52: RADIUS(00000018): sending</P><P>16:31:52: RADIUS/ENCODE: Best Local IP-Address 192.168.1.254 for Radius-Server 192.168.1.11</P><P>16:31:52: RADIUS(00000018): Send Access-Request to 192.168.1.11:1812 id 21645/28, len 127</P><P>16:31:52: RADIUS: authenticator 7D 49 7D A6 E3 2F AD 22 - 8E E2 8F A8 55 95 6E AA</P><P>16:31:52: RADIUS: User-Name [1] 8 "user01"</P><P>16:31:52: RADIUS: Service-Type [6] 6 Framed [2]</P><P>16:31:52: RADIUS: Framed-MTU [12] 6 1500</P><P>16:31:52: RADIUS: Called-Station-Id [30] 19 "00-1B-0C-8F-93-0C"</P><P>16:31:52: RADIUS: Calling-Station-Id [31] 19 "00-09-6B-0C-86-9F"</P><P>16:31:52: RADIUS: EAP-Message [79] 13</P><P>16:31:52: RADIUS: 02 02 00 0B 01 75 73 65 72 30 31 [?????user01]</P><P>16:31:52: RADIUS: Message-Authenticato[80] 18</P><P>16:31:52: RADIUS: E8 D5 38 63 79 AF 23 B6 9E 75 9D 6E 2E 18 DE EB [??8cy?#??u?n.???]</P><P>16:31:52: RADIUS: NAS-Port [5] 6 50012</P><P>16:31:52: RADIUS: NAS-Port-Type [61] 6 Eth [15]</P><P>16:31:52: RADIUS: NAS-IP-Address [4] 6 192.168.1.254</P><P>16:31:58: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:04: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:09: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:15: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.11:1812,1813 is not responding.</P><P>16:32:15: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.11:1812,1813 has returned.</P><P>16:32:15: RADIUS: No response from (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:15: RADIUS/DECODE: parse response no app start; FAIL</P><P>16:32:15: RADIUS/DECODE: parse response; FAIL</P><P></P><P>Some HELP?</P> Sun, 10 Mar 2019 23:25:26 GMT battanc 2019-03-10T23:25:26Z https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162012#M373457 <P>I am trying to use Radius for Port-Security on a Catalyst 3560; the Radius-Server is a Windows Server/2008.</P><P></P><P>I am not able to get authenticating.</P><P></P><P>This is the Configuration of the Switch:</P><P></P><P>SW-SEDE#sh run</P><P>Building configuration...</P><P></P><P>Current configuration : 2845 bytes</P><P>!</P><P>version 12.2</P><P>no service pad</P><P>service timestamps debug uptime</P><P>service timestamps log uptime</P><P>no service password-encryption</P><P>!</P><P>hostname SW-SEDE</P><P>!</P><P>enable password cisco</P><P>!</P><P>username cisco privilege 15 password 0 cisco</P><P>aaa new-model</P><P>aaa authentication dot1x default group radius</P><P>aaa authorization network default group radius</P><P>aaa accounting network default start-stop group radius</P><P>!</P><P>aaa session-id common</P><P>ip subnet-zero</P><P>ip routing</P><P>!</P><P>!</P><P>!</P><P>!</P><P>dot1x system-auth-control</P><P>no file verify auto</P><P>spanning-tree mode pvst</P><P>spanning-tree extend system-id</P><P>!</P><P>vlan internal allocation policy ascending</P><P>!</P><P>interface GigabitEthernet0/1</P><P> switchport mode access</P><P>!</P><P>(omissis)</P><P>!</P><P>interface GigabitEthernet0/12</P><P> switchport mode access</P><P> dot1x pae authenticator</P><P> dot1x port-control auto</P><P>!</P><P>(omissis)</P><P>!</P><P>interface Vlan1</P><P> description VLAN-DEFAULT</P><P> ip address 192.168.1.254 255.255.255.0</P><P>!</P><P>interface Vlan2</P><P> description VLAN-2</P><P> ip address 192.168.2.254 255.255.255.0</P><P>!</P><P>interface Vlan3</P><P> description RESTRICTED</P><P> ip address 192.168.3.254 255.255.255.0</P><P>!</P><P>interface Vlan99</P><P> description VLAN-Router</P><P> ip address 192.168.99.1 255.255.255.0</P><P>!</P><P>ip default-gateway 192.168.99.254</P><P>ip classless</P><P>ip route 0.0.0.0 0.0.0.0 192.168.99.254</P><P>ip http server</P><P>!</P><P>radius-server cache expiry 1</P><P>radius-server host 192.168.1.11 auth-port 1812 acct-port 1813</P><P>radius-server key tantovalagattaallardoche</P><P>!</P><P>control-plane</P><P>!</P><P></P><P></P><P>And this is the DEBUG output:</P><P></P><P>16:31:52: AAA/BIND(00000018): Bind i/f</P><P>16:31:52: AAA/AUTHEN/19 (00000018): Pick method list 'default'</P><P>16:31:52: RADIUS: AAA Unsupported [161] 19</P><P>16:31:52: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]</P><P>16:31:52: RADIUS: 2F [/]</P><P>16:31:52: RADIUS(00000018): Storing nasport 50012 in rad_db</P><P>16:31:52: RADIUS(00000018): Config NAS IP: 0.0.0.0</P><P>16:31:52: RADIUS/ENCODE(00000018): acct_session_id: 22872064</P><P>16:31:52: RADIUS(00000018): sending</P><P>16:31:52: RADIUS/ENCODE: Best Local IP-Address 192.168.1.254 for Radius-Server 192.168.1.11</P><P>16:31:52: RADIUS(00000018): Send Access-Request to 192.168.1.11:1812 id 21645/28, len 127</P><P>16:31:52: RADIUS: authenticator 7D 49 7D A6 E3 2F AD 22 - 8E E2 8F A8 55 95 6E AA</P><P>16:31:52: RADIUS: User-Name [1] 8 "user01"</P><P>16:31:52: RADIUS: Service-Type [6] 6 Framed [2]</P><P>16:31:52: RADIUS: Framed-MTU [12] 6 1500</P><P>16:31:52: RADIUS: Called-Station-Id [30] 19 "00-1B-0C-8F-93-0C"</P><P>16:31:52: RADIUS: Calling-Station-Id [31] 19 "00-09-6B-0C-86-9F"</P><P>16:31:52: RADIUS: EAP-Message [79] 13</P><P>16:31:52: RADIUS: 02 02 00 0B 01 75 73 65 72 30 31 [?????user01]</P><P>16:31:52: RADIUS: Message-Authenticato[80] 18</P><P>16:31:52: RADIUS: E8 D5 38 63 79 AF 23 B6 9E 75 9D 6E 2E 18 DE EB [??8cy?#??u?n.???]</P><P>16:31:52: RADIUS: NAS-Port [5] 6 50012</P><P>16:31:52: RADIUS: NAS-Port-Type [61] 6 Eth [15]</P><P>16:31:52: RADIUS: NAS-IP-Address [4] 6 192.168.1.254</P><P>16:31:58: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:04: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:09: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:15: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.11:1812,1813 is not responding.</P><P>16:32:15: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.11:1812,1813 has returned.</P><P>16:32:15: RADIUS: No response from (192.168.1.11:1812,1813) for id 21645/28</P><P>16:32:15: RADIUS/DECODE: parse response no app start; FAIL</P><P>16:32:15: RADIUS/DECODE: parse response; FAIL</P><P></P><P>Some HELP?</P> Sun, 10 Mar 2019 23:25:26 GMT https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162012#M373457 battanc 2019-03-10T23:25:26Z https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162013#M373528 <HTML><HEAD></HEAD><BODY><P>It seems that Radius is not responding to the request. Make sure secret key is same and there is no firewall in between blocking radius traffic.</P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Tue, 07 Apr 2009 17:20:28 GMT https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162013#M373528 Jagdeep Gambhir 2009-04-07T17:20:28Z https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162014#M373582 <HTML><HEAD></HEAD><BODY><P>Also check the listening ports of your server.</P></BODY></HTML> Tue, 21 Apr 2009 07:31:42 GMT https://community.cisco.com/t5/network-access-control/radius-and-windows-server-2008/m-p/1162014#M373582 Florin Barhala 2009-04-21T07:31:42Z