12-19-2017 10:25 AM - edited 02-21-2020 10:41 AM
Hi Team,
Please assist.
I am trying to configure authentication of users using a RADIUS server on a Cisco 2960 switch, but it's not working. Please find the show run command output below and advise.
boot-start-marker
boot-end-marker
!
enable secret 5 $1$rvkL$/q3vE.2HnJhFhHfSVIcNX0
!
username admin password 7 1139391642055B1E00
!
!
aaa new-model
!
!
aaa group server radius switch-auth
server 192.168.10.2 auth-port 1645 acct-port 1646
!
aaa authentication login default group switch-auth enable
aaa authentication dot1x default local
aaa authorization network default group switch-auth
aaa accounting dot1x default start-stop group switch-auth
aaa accounting system default start-stop group radius
!
!
!
aaa session-id common
clock timezone GMT+2 2
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
ip domain-name computech.com
!
!
crypto pki trustpoint TP-self-signed-4186516864
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4186516864
revocation-check none
rsakeypair TP-self-signed-4186516864
!
!
crypto pki certificate chain TP-self-signed-4186516864
certificate self-signed 01
quit
dot1x system-auth-control
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tftp source-interface FastEthernet0/1
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode access
!
interface FastEthernet0/14
switchport mode access
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode access
authentication host-mode multi-auth
authentication port-control auto
dot1x pae authenticator
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.10.8 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.1
no ip http server
no ip http secure-server
ip sla enable reaction-alerts
logging 192.168.10.254
radius-server host 192.168.10.2 auth-port 1812 acct-port 1813
radius-server retransmit 1
radius-server timeout 2
radius-server key 7 0787249176
!
line con 0
privilege level 15
password 7 053B261C745B1E1B1D
line vty 0 4
privilege level 15
password 7 053B261C745B1E1B1D
transport input ssh
line vty 5 15
!
ntp server 192.168.10.1
end
Ctech_Cisco_Switch#
12-19-2017 11:58 AM
You are defining different radius authentication and accounting ports, once on the aaa group and the other on the radius-server command. You've also defined the aaa authentication to be local and not the aaa group. Try this:
aaa group server radius switch-auth
server 192.168.10.2
aaa authentication dot1x default group switch-auth
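Added example, not part of the original thread or of the reply above: a small Python audit that checks a saved configuration for the two problems the reply names, explicit RADIUS ports in the server group that differ from the global `radius-server host` line, and an 802.1X method list that never references a RADIUS group. The function name `audit_radius` and the finding labels are hypothetical, the sample inputs are constructed from the lines in this thread, and ports left implicit on either line are not compared.

```python
import re

# Constructed sample: the RADIUS-related lines of the configuration posted above.
POSTED = """\
aaa group server radius switch-auth
server 192.168.10.2 auth-port 1645 acct-port 1646
!
aaa authentication login default group switch-auth enable
aaa authentication dot1x default local
radius-server host 192.168.10.2 auth-port 1812 acct-port 1813
"""
# Constructed sample: the same lines with the change suggested in the reply applied.
SUGGESTED = """\
aaa group server radius switch-auth
server 192.168.10.2
!
aaa authentication login default group switch-auth enable
aaa authentication dot1x default group switch-auth
radius-server host 192.168.10.2 auth-port 1812 acct-port 1813
"""

HOST = r"(\S+)(?: auth-port (\d+))?(?: acct-port (\d+))?"

def audit_radius(config):
    """Return sorted findings: port mismatches and 802.1X lists without a group."""
    members, hosts, findings, group = [], {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)", line):
            group = m.group(1)
            continue
        if group and (m := re.match(r"server " + HOST, line)):
            members.append((group, m.group(1), m.group(2), m.group(3)))
            continue
        group = None  # any other line ends the server-group stanza
        if m := re.match(r"radius-server host " + HOST, line):
            hosts[m.group(1)] = (m.group(2), m.group(3))
        elif m := re.match(r"aaa authentication dot1x (\S+) (.+)", line):
            if "group" not in m.group(2).split():
                findings.append(("dot1x-no-radius-group", m.group(1), m.group(2)))
    for grp, ip, auth, acct in members:
        g_auth, g_acct = hosts.get(ip, (None, None))
        # Assumption: only ports written explicitly on both lines are compared.
        if (auth and g_auth and auth != g_auth) or (acct and g_acct and acct != g_acct):
            findings.append(("port-mismatch", grp, ip))
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, audit_radius(cfg))
```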