Cisco ACS authentication Configuration using Radius Protocol

fmatrine
Level 1

Hi All,

We have a Cisco ACS 3.0 in our network authenticating dial-in RAS clients.

Now we want to implement management-level RADIUS authentication for switches in our network.

Since all the switches are non-Cisco, under the ACS configuration we configured the RADIUS-IETF protocol with UDP port number 1812 and shared secret XYZ. We have also added the LAN switch as an AAA client with its IP address. We configured a test user with a password and mapped the user to a group. ... The RADIUS server IP was configured on the LAN switches with the UDP port number and shared secret.

When we try to manage the switch through either telnet or console, we get the RADIUS user and password prompt, but it does not get authenticated.

When we checked the ACS logs for failed attempts, it gives a "user access filtered" error message. We disabled Network Access Restriction; still no luck.

Is this an interoperability problem between Cisco ACS and the non-Cisco switch, or is there any other issue related to the RADIUS UDP port number? We even tried changing the RADIUS port to 1645.

Any help will be appreciated.

Regards

deepak

2 Replies

Not applicable

If authentication fails, try to ping the RADIUS server from the switch. If you are unable to ping the RADIUS server, it is likely to be a routing issue, perhaps related to a misconfigured default gateway or subnet mask setting on the server itself.

jhillend
Level 1

Deepak,

When you remove the NAR, what error message do you get? Do you have RADIUS authorization turned on on the switch?

Note: ACS is RFC compliant with IETF standards for RADIUS.