04-09-2009 09:10 AM - edited 03-10-2019 04:25 PM
Hi All,
We have recently upgraded one of our routers to version 12.2SR.
One of the problems we are facing is that radius authentication is not working correctly for the enable part.
We are using loopback address as a source.
ip radius source-interface Loopback0
While for user authentication the request from the router is using the loopback address, for enable it is using the physical address!!! We tried to remove and add all the aaa commands but same thing. This is not the case for the older version, i.e. 12.2SX.
Find below the aaa and radius commands.
aaa new-model
aaa authentication login my_radius group radius local
aaa authentication enable default group radius enable
aaa session-id common
no cns aaa enable
aaa authentication login my_radius group radius local
aaa authentication enable default group radius enable
ip radius source-interface Loopback0
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxx
04-09-2009 01:03 PM
It is not a radius source issue.
Enable authentication was actually designed to work with TACACS. In IOS devices, when we do "enable" authentication using the Radius protocol, the username sent to the Radius Server (ACS) is not the one with which you logged in. It is "$enab15$"; if you check the failed logs, I am sure you'll see that username. In case of Radius you would be required to create a user account with the username "$enab15$" and use the password for this account to be able to log into enable privilege mode.
Regards,
~JG
Do rate helpful posts
04-15-2009 05:08 AM
Hi JG,
We have already defined the "$enab15$" user. As I told you, the problem is that user authentication is using the loopback address as a source, while enable is using the local interface address. I can confirm this because we added the local address to the radius, till we sort out the problem.
04-15-2009 08:20 AM
Hi,
It seems we are hitting this bug:
ip radius source-interface ignored during enable authentication
Regards,
~JG
Do rate helpful posts
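Added example, not part of any post in this thread: a RADIUS server only answers requests from source addresses it has configured as clients, so an enable request (User-Name "$enab15$") sourced from the physical interface instead of Loopback0 arrives from an unknown client. The Python below parses the User-Name out of RFC 2865 Access-Request packets and labels each request by its source; the addresses, the "alice" login and the packets themselves are constructed sample data.

```python
import struct

ACCESS_REQUEST = 1        # RFC 2865 packet code
ATTR_USER_NAME = 1        # RFC 2865 attribute type
ENABLE_USER = "$enab15$"  # username the thread says IOS sends for enable

def build_access_request(user_name, ident=1):
    """Build a minimal Access-Request (constructed sample, zeroed authenticator)."""
    value = user_name.encode()
    attr = struct.pack("!BB", ATTR_USER_NAME, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attr))
    return header + bytes(16) + attr

def parse_user_name(packet):
    """Return the User-Name of an Access-Request, or None if absent/malformed."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        return None
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return None  # truncated or corrupt attribute
        if attr_type == ATTR_USER_NAME:
            return packet[pos + 2:pos + attr_len].decode(errors="replace")
        pos += attr_len
    return None

def classify(src_ip, packet, known_clients):
    """Label a request by whether its source is a configured RADIUS client."""
    user = parse_user_name(packet)
    if user is None:
        return "malformed"
    kind = "enable" if user == ENABLE_USER else "login"
    if src_ip in known_clients:
        return f"{kind}: known client"
    return f"{kind}: source {src_ip} is not a configured client"

# Constructed sample: 10.0.0.1 stands in for Loopback0, 192.0.2.1 for the physical interface.
KNOWN_CLIENTS = {"10.0.0.1"}
SAMPLES = [("10.0.0.1", build_access_request("alice")),
           ("192.0.2.1", build_access_request(ENABLE_USER, ident=2))]

if __name__ == "__main__":
    for src, pkt in SAMPLES:
        print(classify(src, pkt, KNOWN_CLIENTS))
```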