https://community.cisco.com/t5/wireless/radius-authentication/m-p/655424#M69797 <P>hello there,</P><P></P><P>someone could you tell me how it works?</P><P>aaa group server radius infrastructure</P><P> server 10.236.0.163 auth-port 1645 acct-port 1646</P><P> server 10.238.2.8 auth-port 1812 acct-port 1813</P><P></P><P></P><P>10.236.0.163 is my ACS</P><P>10.238.2.8 is my AP root bridge</P><P></P><P>my dout is, why are they using differents ports and why I scanned 10.238.2.8, I don' t sse any port opened.</P><P></P><P>kind Regards</P> Sat, 03 Jul 2021 20:25:44 GMT santos.alberto 2021-07-03T20:25:44Z https://community.cisco.com/t5/wireless/radius-authentication/m-p/655424#M69797 <P>hello there,</P><P></P><P>someone could you tell me how it works?</P><P>aaa group server radius infrastructure</P><P> server 10.236.0.163 auth-port 1645 acct-port 1646</P><P> server 10.238.2.8 auth-port 1812 acct-port 1813</P><P></P><P></P><P>10.236.0.163 is my ACS</P><P>10.238.2.8 is my AP root bridge</P><P></P><P>my dout is, why are they using differents ports and why I scanned 10.238.2.8, I don' t sse any port opened.</P><P></P><P>kind Regards</P> Sat, 03 Jul 2021 20:25:44 GMT https://community.cisco.com/t5/wireless/radius-authentication/m-p/655424#M69797 santos.alberto 2021-07-03T20:25:44Z https://community.cisco.com/t5/wireless/radius-authentication/m-p/655425#M69798 <HTML><HEAD></HEAD><BODY><P>Ports 1645 &amp; 1646 and ports 1812 and 1813 are all valid RADIUS ports. </P><P></P><P>1645 and 1812 are authentication / authorization ports </P><P></P><P>1646 and 1813 are accounting ports (who's on, how long, what did they do)</P><P></P><P>The two servers may be using the different port ranges to split the load, offer more authentication / accounting options ... no telling why, but it appears to be valid.</P><P></P><P>Scanning the AP/Root bridge would be the same effect as scanning a switch (or a chunk of wire) ... it's only infrastructure. </P><P></P><P>If anything, you'd scan 10.238.2.8 (the ACS server) or one of the RADIUS boxes; they are platforms and would have the open ports).</P><P></P><P>An AP or bridge is a Layer two device (at best) and don't know anything about Layer 3 ports. </P><P></P><P>Good Luck</P><P></P><P>Scott</P><P> </P></BODY></HTML> Thu, 28 Dec 2006 17:53:58 GMT https://community.cisco.com/t5/wireless/radius-authentication/m-p/655425#M69798 scottmac 2006-12-28T17:53:58Z https://community.cisco.com/t5/wireless/radius-authentication/m-p/655426#M69799 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>ACS default Auth/Acct ports for RADIUS are 1645/1646.</P><P></P><P>Aironet AP running IOS that supports "Local RADIUS" default Auth/Acct ports are 1812/1813.</P><P></P><P>My guess is that your AP was configured (at least partially) to support LEAP authentication of 'infrastructure' devices (e.g. AP's in a WDS infrastructure). Hence the server group named "infrastructure" and the configuration of the AP itself as a RADIUS Server.</P><P></P><P>The full configuration of the AP and details of your infrastructure might help.</P><P></P><P>Thanks,</P><P>Ben</P></BODY></HTML> Fri, 29 Dec 2006 20:30:08 GMT https://community.cisco.com/t5/wireless/radius-authentication/m-p/655426#M69799 Benjamin Solero 2006-12-29T20:30:08Z https://community.cisco.com/t5/wireless/radius-authentication/m-p/655427#M69800 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The original RFC for radius issued ports 1645/1646 which conflicted with the datametrics service. Because of this RFC 2865 officially assigned port numbers 1812/1813 for RADIUS.</P><P></P><P>So, what you have here is simply two radius servers (probably for redundancy) listening on different ports.</P><P></P><P>The following tech note has more detail:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml</A></P><P></P><P>HTH</P><P>Andrew.</P></BODY></HTML> Tue, 02 Jan 2007 12:48:12 GMT https://community.cisco.com/t5/wireless/radius-authentication/m-p/655427#M69800 andrew.burns 2007-01-02T12:48:12Z https://community.cisco.com/t5/wireless/radius-authentication/m-p/655428#M69801 <HTML><HEAD></HEAD><BODY><P>radius works via udp. Most port scanners only handle TCP.</P></BODY></HTML> Thu, 30 Aug 2007 19:14:34 GMT https://community.cisco.com/t5/wireless/radius-authentication/m-p/655428#M69801 brent-miller 2007-08-30T19:14:34Z