
Cisco 2921 <> Free-Radius (dummy/tests works but not ssh)

Because I see some demo/dummy test records, I assume CentOS-7's free-radius is working correctly and that something is wrong on the ISR 2921.

I still can't SSH in with the free-radius credentials.

## Log on 2921 ##

May 27 21:18:34.799: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.20.30.100:1812,1813 is being marked alive.
May 27 21:30:42.837: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.20.30.100:1812,1813 is being marked alive.
ISR-2921#

## Log on cent-7 ##

[root@free-radius 10.20.30.1]# cat detail-20170527 
Sat May 27 14:18:34 2017
User-Name = 'dummy'
Acct-Status-Type = Interim-Update
Acct-Session-Id = '00000000'
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-IP-Address = 10.20.30.1
Acct-Delay-Time = 15
Event-Timestamp = 'May 27 2017 14:18:19 PDT'
Acct-Unique-Session-Id = '99c501164df6390fd6764fea1dff5aa8'
Timestamp = 1495919914

Sat May 27 14:30:42 2017
User-Name = 'freeRADIUS'
Acct-Status-Type = Interim-Update
Acct-Session-Id = '00000000'
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-IP-Address = 10.20.30.1
Acct-Delay-Time = 0
Event-Timestamp = 'May 27 2017 14:30:42 PDT'
Acct-Unique-Session-Id = 'ba1171226b1950324d13959f95b82db7'
Timestamp = 1495920642

[root@free-radius 10.20.30.1]# ls
detail-20170527
[root@free-radius 10.20.30.1]#

## config on 2921 ##

!
! AAA / RADIUS configuration as posted. Lines beginning with "!" are review notes only.
aaa new-model
!
!
aaa group server radius RASERV
server name RASERV-1
retransmit 5
timeout 10
!
aaa authentication login default group radius local-case
aaa authentication login use-radius group radius local
! "vty" is the method list applied to line vty 0 4 below: RADIUS first, then the local
! user database. NOTE(review): IOS normally moves to the next method only when the previous
! one errors or times out, not when the server rejects the login - confirm for this release.
aaa authentication login vty group radius local
aaa authentication ppp user-radius if-needed group radius
aaa authentication dot1x default group RASERV
! Exec authorization is also sent to RADIUS, so an SSH login depends on the reply attributes
! the server returns, not only on the password check.
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting dot1x default start-stop group RASERV
aaa accounting exec default start-stop group radius
aaa accounting system default start-stop group radius
!
!
ip radius source-interface GigabitEthernet0/2.888
!
!
! Matches every source address. This excerpt does not show where ACL 1 is referenced; if it
! guards management access, narrow it to the management subnets.
access-list 1 permit any
!
radius server RASERV-1
address ipv4 10.20.30.100 auth-port 1812 acct-port 1813
! Periodic test requests sent as user "freeRADIUS" to track server reachability.
! NOTE(review): presumably these probes produce the RADIUS_ALIVE messages and the test
! records in the server's detail file, so they show reachability rather than a working
! SSH login - confirm.
automate-tester username freeRADIUS probe-on
! NOTE(review): "key 7" is Cisco type 7 encoding - reversible obfuscation, not encryption.
! A key that has been posted publicly should be treated as disclosed and replaced. Also
! confirm that it corresponds to the "secret" configured for this client on the server.
key 7 110D778223
!
line vty 0 4
login authentication vty
! SSH is the only inbound transport allowed on these lines.
transport input ssh
!

## config on cent-7 ##

[root@free-radius 10.20.30.1]# cat /etc/raddb/clients.conf

# RADIUS client entry for the router at 10.20.30.1 (the NAS-IP-Address in the detail log).
client 10.20.30.1 {
ipaddr = 10.20.30.1
# Shared secret in clear text; it must equal the key configured on the router. Because it
# appears in a public post, treat it as disclosed and replace it on both sides.
secret = 1ass341
# Requests from this client are accepted without a Message-Authenticator attribute.
# NOTE(review): consider "yes" so requests carry an integrity check - confirm the router
# sends the attribute before changing it.
require_message_authenticator = no
nas_type = other
}


[root@free-radius 10.20.30.1]# cat /etc/raddb/users
# Only user entry shown: check item "Auth-Type := System" for freeCISCO, then the reply
# attributes returned on success (Service-Type NAS-Prompt-User, Cisco privilege level 15).
# NOTE(review): Auth-Type System presumably hands the password check to the host's own
# account database, so freeCISCO would need to exist as a system user - confirm.
# NOTE(review): the names "dummy" and "freeRADIUS" seen in the detail log have no entry in
# this excerpt. Grant priv-lvl 15 only to accounts that need full exec access.
freeCISCO Auth-Type := System
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"