Windows Server RADIUS not authenticating users for cisco router

Robert28
Beginner

The background is the following: I'm running a Windows Server 2019 virtual machine on VMware Workstation with ADDS, DNS, DHCP, and NPS. The Windows server resides in VLAN 10 (192.168.10.0/24), and a laptop is connected to VLAN 20 (192.168.20.0/24), with the respective sub-interfaces (fa0/0.10, fa0/0.20) configured on the router. On the Win Server, I configured two DHCP scopes for the two VLANs, and all devices, i.e. the laptop, managed to receive the correct address parameters and were able to ping the Win server, so no problems there. I want to authenticate two users inside a security group using the RADIUS service in NPS for accessing the router at privilege level 15. The two users should be able to log into the router using either the console or SSH. Therefore, I promoted NPS to refer to Active Directory when authenticating users, configured the default gateway address 192.168.10.1 of VLAN 10 as the RADIUS client, set the radius-server host address on the router to 192.168.10.2, which is the address of the Win server, etc. Basically, I followed several YouTube clips related to this topic and configured every single step exactly as it was presented in the videos.

The problem: When the specified users try to log in through the console or SSH, RADIUS fails to authenticate them, with Active Directory responding with failed authentication login messages. Strangely enough, I'm able to SSH or log in to the router using the configured local database despite having the RADIUS server online; almost as if RADIUS is being bypassed. What's even weirder is that the router constantly displays messages reading exactly as follows: "%RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.10.2:1645,1646 is not responding." and the other one "%RADIUS-4-RADIUS_ALIVEL: RADIUS server 192.168.10.2:1645,1646 is being marked alive."

I've spent more than a week troubleshooting this issue, trying every possible "solution" found on the Internet: changing and disabling VLANs, modifying DHCP scopes, reconfiguring the entire router, re-installing AD along with NPS, re-installing the entire Win Server, using different addresses for the RADIUS client and for the radius-server host, enabling/disabling firewall rules, trying different ports (from 1645,1646 to 1812,1813), literally everything, but nothing... I'm still experiencing the issues mentioned earlier. I would highly appreciate it if someone could help me solve this problem or at least point me in the right direction after killing so much time and effort trying to solve this case.

1 Accepted Solution