https://community.cisco.com/t5/network-access-control/trouble-with-quot-radius-server-local-quot/m-p/4403436#M567318 <P>I told a cisco router to</P><P>aaa authentication login test group radius</P><P>radius server test<BR />address ipv4 192.168.1.158 auth-port 1812 acct-port 1813<BR />key cisco</P><P>and the</P><P>line vty 0 4</P><P>to</P><P>login authentication test</P><P>&nbsp;</P><P>the AP is setup for users test/test and testa/test. I was able to telnet into the router with test/test but failed with bad password on testa/test same I was getting with&nbsp;<SPAN>radtest.</SPAN></P> Sat, 15 May 2021 06:38:22 GMT kundarsa 2021-05-15T06:38:22Z https://community.cisco.com/t5/network-access-control/trouble-with-quot-radius-server-local-quot/m-p/4403422#M567317 <P>aaa new-model</P><P>radius-server local<BR />nas 192.168.51.175 key 0 cisco<BR />user test password test<BR />user testa password test</P><P>&nbsp;</P><P>When I create a local radius server I am unable to test it with the free radius tool radtest</P><P>freeRadius:~# radtest -t pap test test 192.168.51.194 1812 cisco<BR />Sent Access-Request Id 54 from 0.0.0.0:41741 to 192.168.51.194:1812 length 74<BR />User-Name = "test"<BR />User-Password = "test"<BR />NAS-IP-Address = 192.168.51.175<BR />NAS-Port = 1812<BR />Message-Authenticator = 0x00<BR />Cleartext-Password = "test"<BR />Received Access-Accept Id 54 from 192.168.51.194:1812 to 192.168.51.175:41741 length 88<BR />State = 0x26c26313708f5aa500000000000000000000000000000000000000000000000021d94e478d5721d843697c90d24f6cd5<BR />Message-Authenticator = 0x64d787d5073d2d69af4d7e359551d890</P><P>&nbsp;</P><P>however when i try testa</P><P>freeRadius:~# radtest -t pap testa test 192.168.51.194 1812 cisco<BR />Sent Access-Request Id 160 from 0.0.0.0:34508 to 192.168.51.194:1812 length 75<BR />User-Name = "testa"<BR />User-Password = "test"<BR />NAS-IP-Address = 192.168.51.175<BR />NAS-Port = 1812<BR />Message-Authenticator = 0x00<BR />Cleartext-Password = "test"<BR />Received Access-Reject Id 160 from 192.168.51.194:1812 to 192.168.51.175:34508 length 88<BR />State = 0x26c26313708f5aa500000000000000000000000000000000000000000000000021d94e478d5721d843697c90d24f6cd5<BR />Message-Authenticator = 0x5426653560529d8a8861bb1ef630eb6f<BR />(0) -: Expected Access-Accept got Access-Reject</P><P>&nbsp;</P><P>and on the router</P><P>R1#debug radius local-server error<BR />Radius server error debugging is on<BR />R1#<BR />*Mar 1 00:50:29.179: RADSRV: Client testa password failed</P><P>&nbsp;</P><P>what I have found is that the password must be the same as the username, so it only works when user testa has the password testa.</P><P>&nbsp;</P><P>This is with a clean config, so only setting interface fa 0/0 to ip address dhcp, no shut, and the above commands were run on the router. I have tried this on access points as well version 12 and 15. will test other cisco hardware as a client instead of the freeradius tools but i cant see the freeradius tools deviating from the RFC's.</P> Sat, 15 May 2021 05:17:37 GMT https://community.cisco.com/t5/network-access-control/trouble-with-quot-radius-server-local-quot/m-p/4403422#M567317 kundarsa 2021-05-15T05:17:37Z https://community.cisco.com/t5/network-access-control/trouble-with-quot-radius-server-local-quot/m-p/4403436#M567318 <P>I told a cisco router to</P><P>aaa authentication login test group radius</P><P>radius server test<BR />address ipv4 192.168.1.158 auth-port 1812 acct-port 1813<BR />key cisco</P><P>and the</P><P>line vty 0 4</P><P>to</P><P>login authentication test</P><P>&nbsp;</P><P>the AP is setup for users test/test and testa/test. I was able to telnet into the router with test/test but failed with bad password on testa/test same I was getting with&nbsp;<SPAN>radtest.</SPAN></P> Sat, 15 May 2021 06:38:22 GMT https://community.cisco.com/t5/network-access-control/trouble-with-quot-radius-server-local-quot/m-p/4403436#M567318 kundarsa 2021-05-15T06:38:22Z