04-07-2009 12:05 AM - edited 03-10-2019 04:25 PM
I am trying to use Radius for Port-Security on a Catalyst 3560; the Radius-Server is a Windows Server/2008.
I am not able to get authentication working.
This is the Configuration of the Switch:
SW-SEDE#sh run
Building configuration...
Current configuration : 2845 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW-SEDE
!
enable password cisco
!
username cisco privilege 15 password 0 cisco
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
ip subnet-zero
ip routing
!
!
!
!
dot1x system-auth-control
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport mode access
!
(omitted)
!
interface GigabitEthernet0/12
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
!
(omitted)
!
interface Vlan1
 description VLAN-DEFAULT
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
 description VLAN-2
 ip address 192.168.2.254 255.255.255.0
!
interface Vlan3
 description RESTRICTED
 ip address 192.168.3.254 255.255.255.0
!
interface Vlan99
 description VLAN-Router
 ip address 192.168.99.1 255.255.255.0
!
ip default-gateway 192.168.99.254
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.99.254
ip http server
!
radius-server cache expiry 1
radius-server host 192.168.1.11 auth-port 1812 acct-port 1813
radius-server key tantovalagattaallardoche
!
control-plane
!
And this is the DEBUG output:
16:31:52: AAA/BIND(00000018): Bind i/f
16:31:52: AAA/AUTHEN/19 (00000018): Pick method list 'default'
16:31:52: RADIUS: AAA Unsupported [161] 19
16:31:52: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]
16:31:52: RADIUS: 2F [/]
16:31:52: RADIUS(00000018): Storing nasport 50012 in rad_db
16:31:52: RADIUS(00000018): Config NAS IP: 0.0.0.0
16:31:52: RADIUS/ENCODE(00000018): acct_session_id: 22872064
16:31:52: RADIUS(00000018): sending
16:31:52: RADIUS/ENCODE: Best Local IP-Address 192.168.1.254 for Radius-Server 192.168.1.11
16:31:52: RADIUS(00000018): Send Access-Request to 192.168.1.11:1812 id 21645/28, len 127
16:31:52: RADIUS: authenticator 7D 49 7D A6 E3 2F AD 22 - 8E E2 8F A8 55 95 6E AA
16:31:52: RADIUS: User-Name [1] 8 "user01"
16:31:52: RADIUS: Service-Type [6] 6 Framed [2]
16:31:52: RADIUS: Framed-MTU [12] 6 1500
16:31:52: RADIUS: Called-Station-Id [30] 19 "00-1B-0C-8F-93-0C"
16:31:52: RADIUS: Calling-Station-Id [31] 19 "00-09-6B-0C-86-9F"
16:31:52: RADIUS: EAP-Message [79] 13
16:31:52: RADIUS: 02 02 00 0B 01 75 73 65 72 30 31 [?????user01]
16:31:52: RADIUS: Message-Authenticato[80] 18
16:31:52: RADIUS: E8 D5 38 63 79 AF 23 B6 9E 75 9D 6E 2E 18 DE EB [??8cy?#??u?n.???]
16:31:52: RADIUS: NAS-Port [5] 6 50012
16:31:52: RADIUS: NAS-Port-Type [61] 6 Eth [15]
16:31:52: RADIUS: NAS-IP-Address [4] 6 192.168.1.254
16:31:58: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28
16:32:04: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28
16:32:09: RADIUS: Retransmit to (192.168.1.11:1812,1813) for id 21645/28
16:32:15: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.11:1812,1813 is not responding.
16:32:15: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.11:1812,1813 has returned.
16:32:15: RADIUS: No response from (192.168.1.11:1812,1813) for id 21645/28
16:32:15: RADIUS/DECODE: parse response no app start; FAIL
16:32:15: RADIUS/DECODE: parse response; FAIL
Any help?
04-07-2009 10:20 AM
It seems that RADIUS is not responding to the request. Make sure the secret key is the same and there is no firewall in between blocking RADIUS traffic.
Regards,
~JG
04-21-2009 12:31 AM
Also check the listening ports of your server.