Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4504
Views
10
Helpful
3
Replies

configuring ISR 4331 with RADIUS authentication using management interface

Go to solution
efarkhondeh
Level 1
Level 1

‎07-16-2019 07:48 PM

I have a ISR 4331 router, I configured have configured it so I can sign on using a RADIUS server. I have also made sure the ip ftp source-interface gigabitethernet 0" is the correct interface. Also, i have added the following configuration "

aaa group server radius name    ip vrf forwarding Mgmt-intf"

Lgos: Request timed out!
.Jul 16 03:51:21.863: %RADIUS-4-RADIUS_DEAD: RADIUS server xxx.xxx.xxx.xxx 8:1812,1813 is not responding.
.Jul 16 03:51:21.863: %RADIUS-4-RADIUS_ALIVE: RADIUS server xxx.xxx.xxx.xxx:1812,1813 is being marked alive. I cannot ping the radius server unless I use ping vrf Mgmt-intf xxx.xxx.xxx.xxx.  I know the RADIUS server config is good since all of our switches are working correctly. Any help is appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-16-2019 08:52 PM

Not sure why you are using ip ftp source command for radius.

This should work (if you can ping using the vrf interface and you don't
have an rule to block radius ports)

ip radius source-interface Vlan11 vrf test-vrf
!
aaa group server radius test-radius
server name test-srv
ip vrf forwarding test-vrf
!
radius server test-srv
address ipv4 10.10.10.7 auth-port 1812 acct-port 1813

View solution in original post

3 Replies 3

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-16-2019 08:52 PM

Not sure why you are using ip ftp source command for radius.

This should work (if you can ping using the vrf interface and you don't
have an rule to block radius ports)

ip radius source-interface Vlan11 vrf test-vrf
!
aaa group server radius test-radius
server name test-srv
ip vrf forwarding test-vrf
!
radius server test-srv
address ipv4 10.10.10.7 auth-port 1812 acct-port 1813

Go to solution
efarkhondeh
Level 1
Level 1
In response to Mohammed al Baqari

‎07-18-2019 07:43 AM

This is my config which is similar to yours but it is not working:

aaa group server radius our_name
server xxx.xxx.xxx.xxx
ip vrf forwarding Mgmt-intf

sh r

aaa authentication login default group radius local
aaa authentication login console-auth local

 

interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address xxx.xxx.xxx.xxx 255.255.255.0
negotiation auto

 

ip radius source-interface GigabitEthernet0

 

radius server Our_server
address ipv4 xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
key our_key

0 Helpful

Go to solution
Gregory Kahl
Level 1
Level 1
In response to efarkhondeh

‎01-20-2023 07:13 AM

This is an old topic... but... 

aaa authentication login default group radius local

should be... 

aaa authentication login default group our_name local

0 Helpful
Customers Also Viewed These Support Documents