cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
810
Views
0
Helpful
3
Replies

Unable to on to switch after config radius

kjefferson1
Level 1
Level 1

here is my config

aaa authentication login default group radius local line enable
aaa authentication login no_radius line enable
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization exec default group radius local if-authenticated
aaa authorization exec no_radius none
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
!


snmp-server community MarianiNetRO RO
snmp-server community LPm0nitor4MPC RO
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps license
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server host 10.10.1.151 version 2c LPm0nitor4MPC
snmp-server host 10.1.100.15 version 2c MarianiNetTrap
!
!
radius server MPC
address ipv4 10.1.120.17 auth-port 1645 acct-port 1646
key 7 09626E1D0E2505195A55547C
!
!
no vstack
privilege exec level 14 configure
!
line con 0
session-timeout 15
login authentication defualt
stopbits 1
line vty 0 4
session-timeout 15
transport input ssh
line vty 5 15
session-timeout 15
transport input ssh
!
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
end

1 Accepted Solution

Accepted Solutions

Francesco Molino
VIP Alumni
VIP Alumni
HI

The line aaa authentication login default group radius local line enable should looks like aaa authentication login default group radius local.

On VTY lines, it will use the default authentication and authorization. However, for console, you have typo: login authentication defualt
instead of login authentication default I believe.

Do you have some logs on your Radius to validate traffic is sent from the switch and hitting the radius server?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni
HI

The line aaa authentication login default group radius local line enable should looks like aaa authentication login default group radius local.

On VTY lines, it will use the default authentication and authorization. However, for console, you have typo: login authentication defualt
instead of login authentication default I believe.

Do you have some logs on your Radius to validate traffic is sent from the switch and hitting the radius server?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

balaji.bandi
Hall of Fame
Hall of Fame

Alwyas best practice is test the access before you write the config, since it will lockdown the configuration mistakes.

Suggested to do the configuration in  test environment, if this is the frist time deployment.

Look at the many examples posted around in the blogs what command to use to fall back, rather lockout.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Martin L
VIP
VIP

change aaa authentication login default group radius local line enable
to
aaa authentication login default group radius local
not sure what 2 line is for if u jave 3rd one
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: