Problem with RADIUS and VRF in Cisco 6500

BASARTAK1
Level 1

Hello,

I have the following RADIUS authentication config:

aaa new-model

aaa authentication login default group radius local

aaa authorization exec default group radius local

aaa session-id common

ip radius source-interface Vlan31 vrf LEGACY

radius-server host 10.10.4.18 auth-port 1645 acct-port 1646 key 7 XXXXXXXX

radius-server host 10.10.5.15 auth-port 1812 acct-port 1813 key 7 XXXXXXXX

radius-server vsa send accounting

radius-server vsa send authentication

The authentication doesn't work.

On the RADIUS server, the sniffer does not detect the packets from the Cisco 6500, but the ICMP packets from the 6500 arrive fine.

C6500# ping vrf LEGACY 10.10.4.18 SOUrce VLAN 31

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.4.18, timeout is 2 seconds:

Packet sent with a source address of 10.10.5.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

interface Vlan31

description XXXX

ip vrf forwarding LEGACY

ip address 10.10.5.254 255.255.254.0

no ip redirects

no ip proxy-arp

no ip mroute-cache

end

Is my configuration correct?

Can you help me?

Accepted Solution

What version of IOS are you running on your 6500?

Try the following configuration:

aaa new-model

!

aaa group server radius RADLegacy

server host 10.10.4.18

server host 10.10.5.15

ip vrf forwarding LEGACY

!

aaa authentication login default group RADLegacy local

aaa authorization exec default group RADLegacy local

!


shoaibkhan
Level 1

What VRF are you trying to enable this AAA in? If it is not a per-VRF AAA, then simply define the RADIUS source as Vlan31 and drop the vrf bit.

Hello,

The problem is solved.

I had to include the following configuration:

aaa new-model

aaa group server radius RADIUS-GESTION

aaa authentication login default group RADIUS-GESTION local

aaa authorization exec default group RADIUS-GESTION local

ip vrf forwarding GESTION

radius-server host 10.10.5.15 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXX

radius-server host 10.10.4.18 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXX

radius-server vsa send accounting

radius-server vsa send authentication

Thanks for the help.