
Trouble with Radius (MS NPS) on Cisco Switches\Router

mlharv007
Beginner

All,

Thanks in advance.  We are setting up a new office and I am trying to get RADIUS set up for authentication to my switches and routers.  Currently I am working on a 3750 running IOS 15 and getting hung up on what I think is something small.  I have attached my Microsoft NPS Network Policy.  Below is my IOS config:

aaa group server radius corp-radius
 server 10.15.10.20 auth-port 1812 acct-port 1813
!
aaa authentication login default group corp-radius local
aaa authentication login radius-localfallback group corp-radius enable
aaa authorization exec default group radius
aaa accounting exec default start-stop group corp-radius
aaa accounting network default start-stop group corp-radius
!
!
!
!
!
aaa session-id common
radius-server attribute 6 on-for-login-auth
radius-server host 10.15.10.20 auth-port 1812 acct-port 1813 timeout 10 retransmit 3 key 7 1446435A5D

Also I have a debug output:

Sep 21 02:24:43.481: AAA/BIND(00000033): Bind i/f
Sep 21 02:24:43.481: AAA/AUTHEN/LOGIN (00000033): Pick method list 'default'
Sep 21 02:24:43.481: RADIUS/ENCODE(00000033): ask "Password: "
Sep 21 02:24:43.481: RADIUS/ENCODE(00000033): send packet; GET_PASSWORD
Sep 21 02:24:52.314: RADIUS/ENCODE(00000033):Orig. component type = Exec
Sep 21 02:24:52.314: RADIUS:  AAA Unsupported Attr: interface         [222] 4
Sep 21 02:24:52.314: RADIUS:   74 74                [ tt]
Sep 21 02:24:52.314: RADIUS(00000033): Config NAS IP: 0.0.0.0
Sep 21 02:24:52.314: RADIUS(00000033): Config NAS IPv6: ::
Sep 21 02:24:52.314: RADIUS/ENCODE(00000033): acct_session_id: 40
Sep 21 02:24:52.314: RADIUS(00000033): sending
Sep 21 02:24:52.314: RADIUS/ENCODE: Best Local IP-Address 10.15.10.15 for Radius-Server 10.15.10.20
Sep 21 02:24:52.314: RADIUS(00000033): Send Access-Request to 10.15.10.20:1812 id 1645/43, len 83
Sep 21 02:24:52.314: RADIUS:  authenticator A2 8E F9 0E 6D 24 EB 31 - C3 90 ED BE 0F 54 AE CF
Sep 21 02:24:52.314: RADIUS:  User-Name           [1]   15  "admin-lharvey"
Sep 21 02:24:52.314: RADIUS:  User-Password       [2]   18  *
Sep 21 02:24:52.314: RADIUS:  NAS-Port            [5]   6   1
Sep 21 02:24:52.314: RADIUS:  NAS-Port-Id         [87]  6   "tty1"
Sep 21 02:24:52.322: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Sep 21 02:24:52.322: RADIUS:  Service-Type        [6]   6   Login                     [1]
Sep 21 02:24:52.322: RADIUS:  NAS-IP-Address      [4]   6   10.15.10.15
Sep 21 02:24:52.322: RADIUS(00000033): Sending a IPv4 Radius Packet
Sep 21 02:24:52.322: RADIUS(00000033): Started 10 sec timeout
Sep 21 02:24:52.330: RADIUS: Received from id 1645/43 10.15.10.20:1812, Access-Reject, len 20
Sep 21 02:24:52.330: RADIUS:  authenticator 61 69 0B DB E3 1F DE 88 - C9 C9 DB 8A 3A FD A2 07
Sep 21 02:24:52.330: RADIUS(00000033): Received from id 1645/43
Sep 21 02:24:54.343: AAA/AUTHEN/LOGIN (00000033): Pick method list 'default'
Sep 21 02:24:54.343: RADIUS/ENCODE(00000033): ask "Password: "
Sep 21 02:24:54.343: RADIUS/ENCODE(00000033): send packet; GET_PASSWORD

Any help or ideas would be greatly appreciated.

Thanks

4 Replies

Tarik Admani
VIP Alumni