IOS Admin access using radius

M. Wisely · ‎07-25-2017

When I login to an HPE switch using radius, the switch sends the client IP address along with the authentication request but when I do the same with a Cisco IOS switch (6509 15.1(2)SY6) the client IP isn't there. Is it possible to add this attribute to authenstication request in IOS?

Thanks

GRANT3779 · ‎07-25-2017

Have you tried either of the following below - Just ensure the same IP address you use is configured on the actual Radius server.

Global config command and also a radius group command.

UK-SW-1F-01(config-sg-radius)#ip radius source-interface ?

UK-SW-1F-01(config)#ip radius source-interface ?
Auto-Template Auto-Template interface
Capwap Capwap tunnel interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
InternalInterface Internal Interface
Loopback Loopback interface
Lspvif LSP virtual interface
Null Null interface
Port-channel Ethernet Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vlan Catalyst Vlans

M. Wisely · ‎07-25-2017

That's the NAS address you're referring to, I'm talking about the client IP.

When I ssh into an HPE switch my laptops IP address is included in the authentication request to the radius server but with a cisco switch it doesn't contain my IP address.

GRANT3779 · ‎07-25-2017

Ah apologies I misread.

Do you have the following global comman in the switch config -

radius-server attribute 8 include-in-access-req

I can test this later to check also.