
Authentication problem between Router C3745 and Server RADIUS

Hello Cisco Community :)

I have a simple LAN topology; everything works great except my RADIUS server!

So, here is my topology :

topology1.PNG

My problem is that when I attempt to connect to the router R1 from Administrateur via SSH, the authentication between R1 and my RADIUS server doesn't work.

Here is my R1 config:

Router1#sh run
Building configuration...

Current configuration : 3219 bytes
!
! No configuration change since last restart
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9i6a$F/bE9u0iqN3NhA.TTGRKs.
!
aaa new-model
!
!
aaa authentication login ACCES_SSH group radius
!
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.254
ip dhcp excluded-address 192.168.3.254
!
ip dhcp pool VLAN2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
!
ip dhcp pool VLAN3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
!
!
no ip domain lookup
ip domain name MyDomaine.LAN
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 5
ip ssh time-out 60
ip ssh version 2
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.99.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Serial1/0
ip address 223.0.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 223.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 223.0.0.2
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT_INTERNET_VLAN2 interface FastEthernet0/1 overload
ip nat inside source list NAT_INTERNET_VLAN3 interface FastEthernet0/1 overload
ip nat inside source list NAT_INTERNET_VLAN99 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.2.1 80 223.0.0.1 80 extendable
!
ip access-list standard NAT_INTERNET_VLAN2
permit 192.168.2.0 0.0.0.255
ip access-list standard NAT_INTERNET_VLAN3
permit 192.168.3.0 0.0.0.255
ip access-list standard NAT_INTERNET_VLAN99
permit 192.168.99.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server key router
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
password cisco
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login authentication ACCES_SSH
transport input ssh
!
ntp master 1
ntp server 192.168.99.254
!
end

------------------------------------------------

RADIUS config :

RADIUS.PNG

clients.conf :

clients_conf.PNG

users : 

users.PNG

------------------------------------

Administrateur config :

Administrateur.PNG

And the problem is : 

Authentication impossible with the password : bekhechi

Error message on R1

So, if someone has an idea about that, please tell me what the problem is, and thank you for your help :)

3 Replies

balaji.bandi
Hall of Fame

Can you try testing from the switch whether your RADIUS is working or not with the command below?

#test aaa server Radius RADIUS-SERVER-IP  USERNAME PASSWORD

Also look at the logs on the RADIUS server.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi @balaji.bandi 

Hope you're good. I tested your issue but unfortunately it doesn't work anymore!

I didn't know how to access the RADIUS log via the Linux command line.

Basically, in a standard setup the RADIUS log will be stored in

logdir = "/var/log/radius"

 

BB

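
Following up on the logdir hint in the last reply, here is an added example, not written by anyone in this thread: a shell script that reads logdir from the server configuration and summarises the RADIUS log to show where the authentication attempt stops. It assumes a FreeRADIUS-style radiusd.conf and radius.log; the function names, file paths and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a FreeRADIUS-style server:
# radiusd.conf carries logdir, and the log file is radius.log inside it.

# Print the logdir value from a radiusd.conf-style file, quotes stripped.
# ${...} references, if any, are printed as written and not expanded.
radius_logdir() {
    sed -n 's/^[[:space:]]*logdir[[:space:]]*=[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' | head -n 1
}

# Summarise a radius.log-style file and say where to look next.
# Auth: lines only exist when auth logging is enabled on the server.
triage_log() {
    awk '
        /unknown client/  { unknown++ }
        /Login incorrect/ { rejected++ }
        /Login OK/        { accepted++ }
        END {
            printf "unknown_client=%d rejected=%d accepted=%d\n", unknown, rejected, accepted
            if (unknown)       print "next: add the router source address to clients.conf"
            else if (rejected) print "next: compare the shared secret and the users entry"
            else if (accepted) print "next: server accepts; check the router side"
            else               print "next: no requests logged; check reachability and ports"
        }' "$1"
}

# Constructed sample files (not taken from the poster's server).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/radiusd.conf" <<'EOF'
prefix = /usr
logdir = "/var/log/radius"   # constructed line, same value as in the reply
EOF
cat > "$demo/radius.log" <<'EOF'
Mon Jan  6 10:00:01 2020 : Info: Ready to process requests.
Mon Jan  6 10:02:13 2020 : Error: Ignoring request to auth address * port 1812 from unknown client 192.168.1.254 port 1645 proto udp
Mon Jan  6 10:02:18 2020 : Error: Ignoring request to auth address * port 1812 from unknown client 192.168.1.254 port 1645 proto udp
EOF

echo "log file: $(radius_logdir "$demo/radiusd.conf")/radius.log"
triage_log "$demo/radius.log"
```

On a real server, pass the actual radiusd.conf path to radius_logdir and the resulting radius.log path to triage_log; reading the log usually requires root.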