05-02-2024 01:04 AM
Dear Community, I want to integrate DaloRadius with a switch, and I have trouble authenticating. After I set up the RADIUS there is no ping between the RADIUS server and the switch. This is what I applied on the switch:
radius-server host 11.11.11.10 auth-port 1812 acct-port 1813 key **********
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
interface range fa0/1 - 48
dot1x pae authenticator
dot1x port-control auto
exit
Your assistance is appreciated.
05-02-2024 01:10 AM
You need to solve the ping between the SW and RADIUS first
Show ip route
Check if the SW has IP or RADIUS or default route in the routing table
MHM
05-02-2024 01:12 AM
Before applying the radius config, I had ping!
05-02-2024 01:11 AM
Additionally, every port I try to connect to stays on orange light
05-02-2024 01:18 AM
That can explain a little, if I am correct
The uplink must not be configured with dot1x; it is a secure link.
Remove the dot1x config from the link toward the RADIUS server, try ping, then do
Show aaa server
See if the server appears and is UP
MHM
05-02-2024 01:19 AM
Thanks dear, will do
05-02-2024 04:08 AM
A couple of things are not clear:
What Cisco device is this?
What IOS code is running?
Are you trying to deploy dot1x using DaloRadius?
Or is this for device authentication?
I have used open-source FreeRADIUS before; it works fine with most Cisco switches - depends on what you are looking to achieve:
FreeRADIUS has good examples:
05-02-2024 04:33 AM
Dear,
I am using a Catalyst 3750 V2 switch and have successfully connected to the DaloRadius server. I can log into the switch with the users I created in the Radius server without any problems. Here is my current configuration:
*Mar 1 03:00:41.369: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
Switch>en
Switch#conf
Switch#sh run
Switch#sh running-config
Building configuration...
Current configuration : 5057 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username admin password 0 Nexus@2022
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
!
!
!
aaa session-id common
switch 1 provision ws-c3750v2-48ps
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/3
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/4
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/5
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/6
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/7
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/9
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/10
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/11
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/12
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/14
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/15
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/16
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/17
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/18
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/19
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/20
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/21
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/22
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/23
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/25
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/26
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/27
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/28
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/29
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/30
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/31
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/32
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/33
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/34
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/35
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/36
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/37
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/38
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/39
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/40
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/41
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/42
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/43
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/44
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/45
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/46
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/47
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/48
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 11.11.11.13 255.255.255.0
ip access-group INTERNET-ACCESS in
!
ip classless
ip http server
ip http secure-server
!
radius-server host 11.11.11.10 auth-port 1812 acct-port 1813 key ZhirZhir@@
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Switch#
Now, I want to grant or restrict access to the end users connected to the same switch. I really have no idea where to begin. Essentially, I want any user (or an AP) that is connected to this switch to have their access controlled by the Radius server, similar to how ISPs or hotels operate.
Thank you for your assistance, it is greatly appreciated.
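The advice given earlier in the thread (keep 802.1X off the link toward the RADIUS server) combined with the port-level commands from the first post, as a configuration sketch. This is an added example, not a config posted by anyone in the thread. It assumes the RADIUS-facing link is FastEthernet1/0/48, which the thread does not state, and `<shared-secret>` is a placeholder.

```cisco
! Added example: 802.1X on end-user ports, RADIUS-facing link left open.
! Assumption: FastEthernet1/0/48 is the link toward 11.11.11.10.
!
aaa new-model
!
! Device login (from the thread): RADIUS first, local user as fallback
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
!
! Port access: method list used by 802.1X, separate from device login
aaa authentication dot1x default group radius
! Lets the switch apply RADIUS-returned attributes such as a VLAN
aaa authorization network default group radius
!
! Global 802.1X switch; per-port "dot1x port-control auto" depends on it
dot1x system-auth-control
!
radius-server host 11.11.11.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! End-user ports: must be access ports before 802.1X can be enabled
interface range FastEthernet1/0/1 - 47
 switchport access vlan 100
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
!
! RADIUS-facing link: no dot1x commands here, so the switch can always
! reach the server that authorizes every other port
interface FastEthernet1/0/48
 description Link toward RADIUS server (assumed port)
 switchport access vlan 100
 switchport mode access
!
end
!
! Checks after applying:
!   ping 11.11.11.10
!   show aaa servers
!   show dot1x all
```

Apply it from the console rather than from a session that crosses one of the ports being changed, so an unauthorized port cannot cut off the management session.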