cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

242
Views
0
Helpful
0
Replies
sayrmatics
Beginner

RADIUS Server Automated Testing - Cat6k

Hi all

I am presently deploying NAC around a number of branch offices for a customer with Cisco ISE as the backend RADIUS server. I am working with a mix of cat6ks (sup32/IOS12.2(33)SXJ7) and cat3750/3750Es (IOS 12.2(55)SE9/15.0(2)SE6) and part of the config changes is adding a local user to use in automated testing of the RADIUS server. 

I have basically the same config on the different hardware platforms (apart from on devices running IOS15.x with the slightly different command set) and have this is working OK from the 3750/3750Es. However, I get no joy with the cat6ks and going by the ops log on ISE, the result is a 5400 event - authentication failed with reason as wrong password or invalid shared secret. I know the shared secret is not invalid as normal authentication/authorization is happening with no issues for devices connecting via these switches. Also a show aaa server on the switch confirms current status as UP...Ordinarily I wouldn't be worried as things are working but it is distorting the auth reports and I'd like to fix the issue or disable automated testing if not possible:(

---

cat3k

username radiustest password testpassword

radius-server host 10.10.6.200 auth-port 1812 acct-port 1813 test username radiustest key sharedsecret

cat6k

username radiustest password testpassword

radius-server host 10.10.6.200 auth-port 1812 acct-port 1813 test username radiustest key sharedsecret

---

 

Anyone seen this before or I am hosing it up somewhere?

 

Thanks in advance

Sayre

0 REPLIES 0
Content for Community-Ad