04-18-2022 12:20 PM - last edited on 08-10-2022 01:49 PM by Paul Zimmerman
I have aaa authentication with radius to a Windows NPS server along with the Azure MFA dll extension.
This is working and I am able to log in via SSH, but it isn't working for HTTPS/Web GUI. It will continuously prompt for user/pw on the web.
I have enabled debug for aaa and radius, and it appears to accept the response from the NPS server with "Access-Accept".
I have included the config statements and output of debug below.
Config
aaa new-model
!
!
aaa group server radius NPS-Servers
 server-private 10.x.y.158 auth-port 1812 acct-port 1813 key ########################
 server-private 10.x.y.159 auth-port 1812 acct-port 1813 key ########################
!
aaa authentication login default group NPS-Servers local
aaa authorization console
aaa authorization exec default group NPS-Servers local if-authenticated
!
aaa session-id common
!
no ip http server
ip http banner
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
ip http secure-server
ip http secure-trustpoint domain-ca
ip http session-idle-timeout 30
Debug
*Apr 18 02:47:21.888: AAA/BIND(0000000C): Bind i/f
*Apr 18 02:47:21.888: AAA/ACCT/HC(0000000C): Register HTTP/08194C30 64 bit counter support not configured
*Apr 18 02:47:21.888: AAA/ACCT/HC(0000000C): Update HTTP/08194C30
*Apr 18 02:47:21.888: AAA/ACCT/HC(0000000C): no HC HTTP/08194C30
*Apr 18 02:47:21.888: AAA/ACCT/EVENT/(0000000C): CALL START
*Apr 18 02:47:21.889: Getting session id for NET(0000000C) : db=5767FE0
*Apr 18 02:47:21.889: AAA/ACCT(00000000): add node, session 2
*Apr 18 02:47:21.889: AAA/ACCT/NET(0000000C): add, count 1
*Apr 18 02:47:21.889: AAA/AUTHEN/LOGIN (0000000C): Pick method list 'default'
*Apr 18 02:47:21.889: RADIUS/ENCODE(0000000C):Orig. component type = HTTP
*Apr 18 02:47:21.889: RADIUS/ENCODE(0000000C): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:21.889: RADIUS(0000000C): Config NAS IP: 0.0.0.0
*Apr 18 02:47:21.889: RADIUS(0000000C): Config NAS IPv6: ::
*Apr 18 02:47:21.889: Getting session id for EXEC(0000000C) : db=5767FE0
*Apr 18 02:47:21.889: RADIUS/ENCODE(0000000C): acct_session_id: 2
*Apr 18 02:47:21.889: RADIUS(0000000C): sending
*Apr 18 02:47:21.890: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:21.890: RADIUS(0000000C): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/2, len 57
*Apr 18 02:47:21.890: RADIUS: authenticator 20 A6 AE 08 54 06 AE 61 - 91 82 C9 5F 8B 96 A0 D9
*Apr 18 02:47:21.890: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:21.890: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:21.890: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:21.890: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:21.890: RADIUS(0000000C): Sending a IPv4 Radius Packet
*Apr 18 02:47:21.891: RADIUS(0000000C): Started 5 sec timeout
*Apr 18 02:47:26.124: RADIUS: Received from id 1645/2 10.x.y.158:1812, Access-Accept, len 97
*Apr 18 02:47:26.124: RADIUS: authenticator 01 3C E9 CC 92 6A 12 D4 - 1F 47 95 F3 82 6E 61 8F
*Apr 18 02:47:26.124: RADIUS: Service-Type [6] 6 Login [1]
*Apr 18 02:47:26.124: RADIUS: Class [25] 46
*Apr 18 02:47:26.125: RADIUS: 8B 2C 07 E3 00 00 01 37 00 01 02 00 0A FE FF 9E 00 00 00 00 00 00 00 00 00 00 00 00 01 D8 31 8C DC C2 86 5E 00 00 00 00 00 00 1E CC [ ,71^]
*Apr 18 02:47:26.125: RADIUS: Vendor, Cisco [26] 25
*Apr 18 02:47:26.125: RADIUS: Cisco AVpair [1] 19 "shell:priv-lvl=15"
*Apr 18 02:47:26.125: RADIUS(0000000C): Received from id 1645/2
*Apr 18 02:47:26.126: AAA/ACCT/HC(0000000C): Update HTTP/08194C30
*Apr 18 02:47:26.126: AAA/ACCT/HC(0000000C): no HC HTTP/08194C30
*Apr 18 02:47:26.127: AAA/ACCT/EVENT/(0000000C): CALL STOP
*Apr 18 02:47:26.127: AAA/ACCT/CALL STOP(0000000C): Sending stop requests
*Apr 18 02:47:26.127: AAA/ACCT(0000000C): Send all stops
*Apr 18 02:47:26.127: AAA/ACCT/NET(0000000C): STOP
*Apr 18 02:47:26.127: AAA/ACCT/NET(0000000C): Method list not found
*Apr 18 02:47:26.128: AAA/ACCT(0000000C): del node, session 2
*Apr 18 02:47:26.128: AAA/ACCT/NET(0000000C): free_rec, count 0
*Apr 18 02:47:26.128: /AAA/ACCTNET(0000000C) reccnt 0, csr TRUE, osr 0
*Apr 18 02:47:26.128: AAA/ACCT/NET(0000000C): Last rec in db, intf not enqueued
*Apr 18 02:47:26.128: AAA/BIND(0000000D): Bind i/f
*Apr 18 02:47:26.128: AAA/ACCT/EVENT/(0000000D): CALL START
*Apr 18 02:47:26.128: Getting session id for NET(0000000D) : db=8195B20
*Apr 18 02:47:26.128: AAA/ACCT(00000000): add node, session 3
*Apr 18 02:47:26.128: AAA/ACCT/NET(0000000D): add, count 1
*Apr 18 02:47:26.152: AAA/ACCT/EVENT/(0000000D): CALL STOP
*Apr 18 02:47:26.152: AAA/ACCT/CALL STOP(0000000D): Sending stop requests
*Apr 18 02:47:26.152: AAA/ACCT(0000000D): Send all stops
*Apr 18 02:47:26.152: AAA/ACCT/NET(0000000D): STOP
*Apr 18 02:47:26.152: AAA/ACCT/NET(0000000D): Method list not found
*Apr 18 02:47:26.152: AAA/ACCT(0000000D): del node, session 3
*Apr 18 02:47:26.152: AAA/ACCT/NET(0000000D): free_rec, count 0
*Apr 18 02:47:26.152: /AAA/ACCTNET(0000000D) reccnt 0, csr TRUE, osr 0
*Apr 18 02:47:26.152: AAA/ACCT/NET(0000000D): Last rec in db, intf not enqueued
*Apr 18 02:47:26.293: AAA/BIND(0000000E): Bind i/f
*Apr 18 02:47:26.293: AAA/ACCT/HC(0000000E): Register HTTP/08194C30 64 bit counter support not configured
*Apr 18 02:47:26.293: AAA/ACCT/HC(0000000E): Update HTTP/08194C30
*Apr 18 02:47:26.293: AAA/ACCT/HC(0000000E): no HC HTTP/08194C30
*Apr 18 02:47:26.293: AAA/ACCT/EVENT/(0000000E): CALL START
*Apr 18 02:47:26.293: Getting session id for NET(0000000E) : db=5767FE0
*Apr 18 02:47:26.293: AAA/ACCT(00000000): add node, session 4
*Apr 18 02:47:26.293: AAA/ACCT/NET(0000000E): add, count 1
*Apr 18 02:47:26.294: AAA/AUTHEN/LOGIN (0000000E): Pick method list 'default'
*Apr 18 02:47:26.294: RADIUS/ENCODE(0000000E):Orig. component type = HTTP
*Apr 18 02:47:26.294: RADIUS/ENCODE(0000000E): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:26.294: RADIUS(0000000E): Config NAS IP: 0.0.0.0
*Apr 18 02:47:26.294: RADIUS(0000000E): Config NAS IPv6: ::
*Apr 18 02:47:26.294: Getting session id for EXEC(0000000E) : db=5767FE0
*Apr 18 02:47:26.294: RADIUS/ENCODE(0000000E): acct_session_id: 4
*Apr 18 02:47:26.294: RADIUS(0000000E): sending
*Apr 18 02:47:26.295: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:26.295: RADIUS(0000000E): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/3, len 57
*Apr 18 02:47:26.295: RADIUS: authenticator 0D 58 56 EE E7 11 39 0C - 21 DE 4C A0 AA 49 07 BA
*Apr 18 02:47:26.295: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:26.295: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:26.295: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:26.295: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:26.295: RADIUS(0000000E): Sending a IPv4 Radius Packet
*Apr 18 02:47:26.295: RADIUS(0000000E): Started 5 sec timeout
*Apr 18 02:47:27.559: AAA/BIND(0000000F): Bind i/f
*Apr 18 02:47:27.559: AAA/ACCT/HC(0000000F): Register HTTP/081B4A90 64 bit counter support not configured
*Apr 18 02:47:27.559: AAA/ACCT/HC(0000000F): Update HTTP/081B4A90
*Apr 18 02:47:27.559: AAA/ACCT/HC(0000000F): no HC HTTP/081B4A90
*Apr 18 02:47:27.559: AAA/ACCT/EVENT/(0000000F): CALL START
*Apr 18 02:47:27.559: Getting session id for NET(0000000F) : db=81C6780
*Apr 18 02:47:27.559: AAA/ACCT(00000000): add node, session 5
*Apr 18 02:47:27.559: AAA/ACCT/NET(0000000F): add, count 1
*Apr 18 02:47:27.559: AAA/AUTHEN/LOGIN (0000000F): Pick method list 'default'
*Apr 18 02:47:27.562: AAA/BIND(00000010): Bind i/f
*Apr 18 02:47:27.562: AAA/ACCT/HC(00000010): Register HTTP/07CF50D0 64 bit counter support not configured
*Apr 18 02:47:27.562: AAA/ACCT/HC(00000010): Update HTTP/07CF50D0
*Apr 18 02:47:27.562: AAA/ACCT/HC(00000010): no HC HTTP/07CF50D0
*Apr 18 02:47:27.562: AAA/ACCT/EVENT/(00000010): CALL START
*Apr 18 02:47:27.562: Getting session id for NET(00000010) : db=81EBB10
*Apr 18 02:47:27.563: AAA/ACCT(00000000): add node, session 6
*Apr 18 02:47:27.563: AAA/ACCT/NET(00000010): add, count 1
*Apr 18 02:47:27.563: AAA/AUTHEN/LOGIN (00000010): Pick method list 'default'
*Apr 18 02:47:27.576: RADIUS/ENCODE(0000000F):Orig. component type = HTTP
*Apr 18 02:47:27.576: RADIUS/ENCODE(0000000F): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:27.576: RADIUS(0000000F): Config NAS IP: 0.0.0.0
*Apr 18 02:47:27.576: RADIUS(0000000F): Config NAS IPv6: ::
*Apr 18 02:47:27.576: Getting session id for EXEC(0000000F) : db=81C6780
*Apr 18 02:47:27.576: RADIUS/ENCODE(0000000F): acct_session_id: 5
*Apr 18 02:47:27.576: RADIUS(0000000F): sending
*Apr 18 02:47:27.577: RADIUS/ENCODE(00000010):Orig. component type = HTTP
*Apr 18 02:47:27.577: RADIUS/ENCODE(00000010): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:27.577: RADIUS(00000010): Config NAS IP: 0.0.0.0
*Apr 18 02:47:27.577: RADIUS(00000010): Config NAS IPv6: ::
*Apr 18 02:47:27.577: Getting session id for EXEC(00000010) : db=81EBB10
*Apr 18 02:47:27.577: RADIUS/ENCODE(00000010): acct_session_id: 6
*Apr 18 02:47:27.577: RADIUS(00000010): sending
*Apr 18 02:47:27.578: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:27.578: RADIUS(0000000F): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/4, len 57
*Apr 18 02:47:27.578: RADIUS: authenticator F5 6A 0A 9A 3E CB E2 0A - 04 B9 6D 6F 98 20 32 FD
*Apr 18 02:47:27.579: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:27.579: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:27.579: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:27.579: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:27.579: RADIUS(0000000F): Sending a IPv4 Radius Packet
*Apr 18 02:47:27.579: RADIUS(0000000F): Started 5 sec timeout
*Apr 18 02:47:27.579: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:27.579: RADIUS(00000010): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/5, len 57
*Apr 18 02:47:27.580: RADIUS: authenticator 6C 3D 66 4A 29 FD 36 9F - A1 88 EF B8 5E C9 95 4F
*Apr 18 02:47:27.580: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:27.580: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:27.580: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:27.580: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:27.580: RADIUS(00000010): Sending a IPv4 Radius Packet
*Apr 18 02:47:27.580: RADIUS(00000010): Started 5 sec timeout
*Apr 18 02:47:27.583: AAA/BIND(00000011): Bind i/f
*Apr 18 02:47:27.583: AAA/ACCT/HC(00000011): Register HTTP/081B56B0 64 bit counter support not configured
*Apr 18 02:47:27.583: AAA/ACCT/HC(00000011): Update HTTP/081B56B0
*Apr 18 02:47:27.583: AAA/ACCT/HC(00000011): no HC HTTP/081B56B0
*Apr 18 02:47:27.583: AAA/ACCT/EVENT/(00000011): CALL START
*Apr 18 02:47:27.583: Getting session id for NET(00000011) : db=81D8BC0
*Apr 18 02:47:27.583: AAA/ACCT(00000000): add node, session 7
*Apr 18 02:47:27.583: AAA/ACCT/NET(00000011): add, count 1
*Apr 18 02:47:27.583: AAA/AUTHEN/LOGIN (00000011): Pick method list 'default'
*Apr 18 02:47:27.586: AAA/BIND(00000012): Bind i/f
*Apr 18 02:47:27.586: AAA/ACCT/HC(00000012): Register HTTP/081C86A0 64 bit counter support not configured
*Apr 18 02:47:27.586: AAA/ACCT/HC(00000012): Update HTTP/081C86A0
*Apr 18 02:47:27.586: AAA/ACCT/HC(00000012): no HC HTTP/081C86A0
*Apr 18 02:47:27.586: AAA/ACCT/EVENT/(00000012): CALL START
*Apr 18 02:47:27.586: Getting session id for NET(00000012) : db=81D9740
*Apr 18 02:47:27.586: AAA/ACCT(00000000): add node, session 8
*Apr 18 02:47:27.586: AAA/ACCT/NET(00000012): add, count 1
*Apr 18 02:47:27.587: AAA/AUTHEN/LOGIN (00000012): Pick method list 'default'
*Apr 18 02:47:27.587: RADIUS/ENCODE(00000011):Orig. component type = HTTP
*Apr 18 02:47:27.587: RADIUS/ENCODE(00000011): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:27.588: RADIUS(00000011): Config NAS IP: 0.0.0.0
*Apr 18 02:47:27.588: RADIUS(00000011): Config NAS IPv6: ::
*Apr 18 02:47:27.588: Getting session id for EXEC(00000011) : db=81D8BC0
*Apr 18 02:47:27.588: RADIUS/ENCODE(00000011): acct_session_id: 7
*Apr 18 02:47:27.588: RADIUS(00000011): sending
*Apr 18 02:47:27.588: RADIUS/ENCODE(00000012):Orig. component type = HTTP
*Apr 18 02:47:27.588: RADIUS/ENCODE(00000012): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:27.588: RADIUS(00000012): Config NAS IP: 0.0.0.0
*Apr 18 02:47:27.588: RADIUS(00000012): Config NAS IPv6: ::
*Apr 18 02:47:27.588: Getting session id for EXEC(00000012) : db=81D9740
*Apr 18 02:47:27.588: RADIUS/ENCODE(00000012): acct_session_id: 8
*Apr 18 02:47:27.588: RADIUS(00000012): sending
*Apr 18 02:47:27.591: AAA/BIND(00000013): Bind i/f
*Apr 18 02:47:27.591: AAA/ACCT/HC(00000013): Register HTTP/081DB990 64 bit counter support not configured
*Apr 18 02:47:27.591: AAA/ACCT/HC(00000013): Update HTTP/081DB990
*Apr 18 02:47:27.591: AAA/ACCT/HC(00000013): no HC HTTP/081DB990
*Apr 18 02:47:27.591: AAA/ACCT/EVENT/(00000013): CALL START
*Apr 18 02:47:27.591: Getting session id for NET(00000013) : db=82451D0
*Apr 18 02:47:27.591: AAA/ACCT(00000000): add node, session 9
*Apr 18 02:47:27.591: AAA/ACCT/NET(00000013): add, count 1
*Apr 18 02:47:27.591: AAA/AUTHEN/LOGIN (00000013): Pick method list 'default'
*Apr 18 02:47:27.592: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:27.592: RADIUS(00000011): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/6, len 57
*Apr 18 02:47:27.592: RADIUS: authenticator AD 60 46 76 5B BE EE 6B - 9E 4E EF 43 8D D9 F8 E3
*Apr 18 02:47:27.592: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:27.592: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:27.592: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:27.592: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:27.592: RADIUS(00000011): Sending a IPv4 Radius Packet
*Apr 18 02:47:27.592: RADIUS(00000011): Started 5 sec timeout
*Apr 18 02:47:27.593: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:27.593: RADIUS(00000012): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/7, len 57
*Apr 18 02:47:27.593: RADIUS: authenticator 0B 36 1B 1B 86 24 AC 6A - 0E E8 C6 0F FE 17 FE 94
*Apr 18 02:47:27.593: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:27.593: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:27.593: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:27.593: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:27.593: RADIUS(00000012): Sending a IPv4 Radius Packet
*Apr 18 02:47:27.593: RADIUS(00000012): Started 5 sec timeout
*Apr 18 02:47:27.594: RADIUS/ENCODE(00000013):Orig. component type = HTTP
*Apr 18 02:47:27.594: RADIUS/ENCODE(00000013): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Apr 18 02:47:27.594: RADIUS(00000013): Config NAS IP: 0.0.0.0
*Apr 18 02:47:27.594: RADIUS(00000013): Config NAS IPv6: ::
*Apr 18 02:47:27.594: Getting session id for EXEC(00000013) : db=82451D0
*Apr 18 02:47:27.594: RADIUS/ENCODE(00000013): acct_session_id: 9
*Apr 18 02:47:27.594: RADIUS(00000013): sending
*Apr 18 02:47:27.594: RADIUS/ENCODE: Best Local IP-Address 10.a.b.13 for Radius-Server 10.x.y.158
*Apr 18 02:47:27.595: RADIUS(00000013): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/8, len 57
*Apr 18 02:47:27.595: RADIUS: authenticator 73 CB 4B 4C 32 D9 1F B9 - 1C 99 1C A7 23 D8 BD C9
*Apr 18 02:47:27.595: RADIUS: User-Name [1] 7 "test-user"
*Apr 18 02:47:27.595: RADIUS: User-Password [2] 18 *
*Apr 18 02:47:27.595: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Apr 18 02:47:27.595: RADIUS: NAS-IP-Address [4] 6 10.a.b.13
*Apr 18 02:47:27.595: RADIUS(00000013): Sending a IPv4 Radius Packet
*Apr 18 02:47:27.596: RADIUS(00000013): Started 5 sec timeout
*Apr 18 02:47:31.341: RADIUS(0000000E): Request timed out!
*Apr 18 02:47:31.341: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/3
*Apr 18 02:47:31.342: RADIUS(0000000E): Started 5 sec timeout
*Apr 18 02:47:32.629: RADIUS(0000000F): Request timed out!
*Apr 18 02:47:32.629: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/4
*Apr 18 02:47:32.629: RADIUS(0000000F): Started 5 sec timeout
*Apr 18 02:47:32.629: RADIUS(00000010): Request timed out!
*Apr 18 02:47:32.629: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/5
*Apr 18 02:47:32.630: RADIUS(00000010): Started 5 sec timeout
*Apr 18 02:47:32.630: RADIUS(00000011): Request timed out!
*Apr 18 02:47:32.630: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/6
*Apr 18 02:47:32.630: RADIUS(00000011): Started 5 sec timeout
*Apr 18 02:47:32.630: RADIUS(00000012): Request timed out!
*Apr 18 02:47:32.630: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/7
*Apr 18 02:47:32.631: RADIUS(00000012): Started 5 sec timeout
*Apr 18 02:47:32.631: RADIUS(00000013): Request timed out!
*Apr 18 02:47:32.631: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/8
*Apr 18 02:47:32.631: RADIUS(00000013): Started 5 sec timeout
*Apr 18 02:47:36.365: RADIUS(0000000E): Request timed out!
*Apr 18 02:47:36.365: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/3
*Apr 18 02:47:36.365: RADIUS(0000000E): Started 5 sec timeout
*Apr 18 02:47:37.662: RADIUS(0000000F): Request timed out!
*Apr 18 02:47:37.662: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/4
*Apr 18 02:47:37.662: RADIUS(0000000F): Started 5 sec timeout
*Apr 18 02:47:37.662: RADIUS(00000010): Request timed out!
*Apr 18 02:47:37.662: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/5
*Apr 18 02:47:37.663: RADIUS(00000010): Started 5 sec timeout
*Apr 18 02:47:37.663: RADIUS(00000011): Request timed out!
*Apr 18 02:47:37.663: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/6
*Apr 18 02:47:37.663: RADIUS(00000011): Started 5 sec timeout
*Apr 18 02:47:37.663: RADIUS(00000012): Request timed out!
*Apr 18 02:47:37.663: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/7
*Apr 18 02:47:37.664: RADIUS(00000012): Started 5 sec timeout
*Apr 18 02:47:37.664: RADIUS(00000013): Request timed out!
*Apr 18 02:47:37.664: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/8
*Apr 18 02:47:37.664: RADIUS(00000013): Started 5 sec timeout
*Apr 18 02:47:41.383: RADIUS(0000000E): Request timed out!
*Apr 18 02:47:41.383: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/3
*Apr 18 02:47:41.384: RADIUS(0000000E): Started 5 sec timeout
*Apr 18 02:47:42.681: RADIUS(0000000F): Request timed out!
*Apr 18 02:47:42.681: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/4
*Apr 18 02:47:42.681: RADIUS(0000000F): Started 5 sec timeout
*Apr 18 02:47:42.681: RADIUS(00000010): Request timed out!
*Apr 18 02:47:42.681: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/5
*Apr 18 02:47:42.682: RADIUS(00000010): Started 5 sec timeout
*Apr 18 02:47:42.682: RADIUS(00000011): Request timed out!
*Apr 18 02:47:42.682: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/6
*Apr 18 02:47:42.682: RADIUS(00000011): Started 5 sec timeout
*Apr 18 02:47:42.682: RADIUS(00000012): Request timed out!
*Apr 18 02:47:42.682: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/7
*Apr 18 02:47:42.683: RADIUS(00000012): Started 5 sec timeout
*Apr 18 02:47:42.683: RADIUS(00000013): Request timed out!
*Apr 18 02:47:42.683: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/8
*Apr 18 02:47:42.683: RADIUS(00000013): Started 5 sec timeout
*Apr 18 02:47:46.409: RADIUS(0000000E): Request timed out!
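Added example, not part of the original post or of any Cisco tooling: a Python sketch that reads "debug radius" output in the format shown above and correlates each Access-Request id with its reply, reply latency and retransmit count. The sample lines are copied from the debug output in this post; the function names `correlate` and `unanswered` are this example's own.

```python
import re
from datetime import datetime

# Lines copied from the debug output above (trimmed to the RADIUS send/receive events).
SAMPLE = """\
*Apr 18 02:47:21.890: RADIUS(0000000C): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/2, len 57
*Apr 18 02:47:26.124: RADIUS: Received from id 1645/2 10.x.y.158:1812, Access-Accept, len 97
*Apr 18 02:47:26.295: RADIUS(0000000E): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/3, len 57
*Apr 18 02:47:27.578: RADIUS(0000000F): Send Access-Request to 10.x.y.158:1812 onvrf(0) id 1645/4, len 57
*Apr 18 02:47:31.341: RADIUS(0000000E): Request timed out!
*Apr 18 02:47:31.341: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/3
*Apr 18 02:47:32.629: RADIUS(0000000F): Request timed out!
*Apr 18 02:47:32.629: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/4
*Apr 18 02:47:36.365: RADIUS(0000000E): Request timed out!
*Apr 18 02:47:36.365: RADIUS: Retransmit to (10.x.y.158:1812,1813) for id 1645/3
"""

# Split on the "*Mon DD HH:MM:" stamp so pasted output works even if line breaks were lost.
ENTRY = re.compile(r"(?=\*\w{3} \d+ \d\d:\d\d:)")
STAMP = re.compile(r"\*(\w{3} \d+ \d\d:\d\d:\d\d\.\d+): ")
SEND = re.compile(r"RADIUS\((\w+)\): Send Access-Request to \S+ .*?id (\d+/\d+)")
RECV = re.compile(r"RADIUS: Received from id (\d+/\d+) \S+ (Access-\w+)")
RETX = re.compile(r"RADIUS: Retransmit to \S+ for id (\d+/\d+)")


def correlate(debug_text):
    """Return {request id: session, sent time, result, latency (s), retransmits}."""
    flat = " ".join(debug_text.split())  # collapse newlines and repeated spaces
    requests = {}
    for entry in ENTRY.split(flat):
        stamp = STAMP.match(entry)
        if not stamp:
            continue
        # The debug stamp has no year; only differences between stamps are used.
        when = datetime.strptime(stamp.group(1), "%b %d %H:%M:%S.%f")
        body = entry[stamp.end():]
        if (s := SEND.search(body)):
            requests[s.group(2)] = {"session": s.group(1), "sent": when,
                                    "result": None, "latency": None,
                                    "retransmits": 0}
        elif (r := RECV.search(body)) and r.group(1) in requests:
            req = requests[r.group(1)]
            req["result"] = r.group(2)
            req["latency"] = (when - req["sent"]).total_seconds()
        elif (x := RETX.search(body)) and x.group(1) in requests:
            requests[x.group(1)]["retransmits"] += 1
    return requests


def unanswered(requests):
    """Request ids that never received a reply, in the order they were sent."""
    return [rid for rid, req in requests.items() if req["result"] is None]


if __name__ == "__main__":
    for rid, req in correlate(SAMPLE).items():
        print(rid, req["session"], req["result"], req["latency"], req["retransmits"])
```

Run against the full debug output, this makes it easy to see which AAA session each Access-Request belongs to and how close each reply came to the 5 second timeout shown in the log.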
04-18-2022 12:38 PM
Try a local account, see if that works, before you try radius user authentication?
04-18-2022 12:47 PM
I used local authentication before I set up aaa and radius and it was working.
Even with local auth as a backup to radius, local auth still doesn't work.
04-18-2022 01:30 PM - edited 04-18-2022 01:35 PM
ip http authentication aaa login-authentication NPS-Servers
ip http authentication aaa exec-authorization NPS-Servers
Just try only this; what is the outcome?
Also some references:
04-18-2022 10:07 PM
This didn't work because that config stanza is asking for an authentication list name. The name is default based on the config. NPS-Servers is the group of Radius Servers.
Cat1k(config)#ip http authentication aaa login-authentication NPS-Servers
Warning: Authentication list "NPS-Servers" is not defined for LOGIN.
Cat1k(config)#ip http authentication aaa exec-authorization NPS-Servers
Warning: Authorization list "NPS-Servers" is not defined for EXEC.
04-20-2022 03:54 PM
I would remove both commands and try a simple test first
ip http authentication aaa
04-18-2022 01:59 PM
Cisco works with two versions of HTTP: one is V1 and the other is V1.1.
With HTTP V1, HTTP works under the VTY.
04-18-2022 10:12 PM
This switch is V1.1 for HTTP.
Cat1k#show subsys name http
Name Class Version
http Protocol 1.001.002
04-20-2022 11:28 AM
Just wanted to bump this topic as this still isn't working.
04-20-2022 11:44 AM - edited 04-20-2022 11:52 AM
ip http authentication aaa <- add this command
ip http server <- add this command
06-03-2022 02:58 AM
Hi
I have exactly the same problem. I'm working with Clearpass. I can see the Radius Requests but they are completely empty without any attributes. Therefore I have no chance to filter these requests.
I also configured:
ip http server
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
Are there any additional attributes to use?
Best regards,
Andy