取消
显示结果 
搜索替代 
您的意思是: 
cancel
11505
查看次数
38
有帮助
6
回复

15.2(4)E8下无法配置radius-server host

magicyang
Level 1
Level 1
本帖最后由 yuanheeyss 于 2020-5-28 06:39 编辑
2960X交换机IOS版本如下:
CCMasterRoom-3#sh version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(4)E8, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Fri 15-Mar-19 10:55 by prod_rel_team
ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(4r)E3, RELEASE SOFTWARE (fc4)
CCMasterRoom-3 uptime is 3 weeks, 2 days, 13 hours, 31 minutes
System returned to ROM by power-on
System restarted at 08:45:52 UTC Mon May 4 2020
System image file is "flash:/c2960x-universalk9-mz.152-4.E8/c2960x-universalk9-mz.152-4.E8.bin"
AAA new-model已开启,设置radius服务器时,radius-server 后边无法接host:
CCMasterRoom-3(config)#radius-server ?
accounting Accounting information configuration
attribute Customize selected radius attributes
authorization Authorization processing information
backoff Retry backoff pattern(Default is retransmits with constant delay)
cache AAA auth cache default server group
challenge-noecho Data echoing to screen is disabled during Access-Challenge
configure-nas Attempt to upload static routes and IP pools at startup
dead-criteria Set the criteria used to decide when a radius server is marked dead
deadtime Time to stop using a server that doesn't respond
directed-request Allow user to specify radius server to use with `@server'
domain-stripping Strip the domain from the username
load-balance Radius load-balancing options.
optional-passwords The first RADIUS request can be made without requesting a password
retransmit Specify the number of retries to active server
retry Specify how the next packet is sent after timeout.
source-ports source ports used for sending out RADIUS requests
throttle Throttle requests to radius server
timeout Time to wait for a RADIUS server to reply
transaction Specify per-transaction parameters
unique-ident Higher order bits of Acct-Session-Id
vsa Vendor specific attribute configuration
是IOS版本的限制,还是有前置配置我没有开启
6 条回复6

robortlin
Spotlight
Spotlight
radius server xxx
address ipv4 x.x.x.x auth-port 1645 acct-port 1646
key xxxx
试试这个

大佬,刚才搜到这个帖子,对我很有帮助,请问一下为什么我的2960以及2960X配置完成后,logging只显示Mac认证失败的消息,而认证成功可以通讯的,logging里边没有认证成功的消息1.png

你好,看到你的截图radius-Server后面可以跟host啊。可以配置。
参考示例:
Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
Switch(config)# aaa new-model
Switch(config)# aaa group server radius group1
Switch(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config-sg-radius)# exit
Switch(config)# aaa group server radius group2
Switch(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
Switch(config-sg-radius)# exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

magicyang
Level 1
Level 1
1540488497lcj 发表于 2020-5-28 11:07
你好,看到你的截图radius-Server后面可以跟host啊。可以配置。
参考示例:

截图是另外一台设备的,我是和我帖子里边的内容在做比较。之前的都是可以配,新设备接HOST就会报错,命令错误,我使用了二楼的方法,成功了

magicyang
Level 1
Level 1
robortlin 发表于 2020-5-28 08:51
radius server xxx
address ipv4 x.x.x.x auth-port 1645 acct-port 1646
key xxxx

非常感谢!

BSdbs51448
Level 1
Level 1
robortlin 发表于 2020-5-28 08:51
radius server xxx
address ipv4 x.x.x.x auth-port 1645 acct-port 1646
key xxxx

你好 根據你的命令radius-Server配置成功了,但是驗證不過去端口命令可以給一份嗎
%MAB-5-FAIL: Authentication failed for client (2c27.d724.a977) on Interface Gi0/11 AuditSessionID 0A43070E0000001B0497C852
快捷链接