10-02-2019 01:18 AM
Hi,
Apologies for a subject probably already done to death! I am having problems with Radius (Microsoft) authentication for my 4500X's. I have a mix of 2960's and 3560's all using the same Radius servers and profiles and they work fine, so I am guessing I have something wrong with my config on the 4500.
So my 4500 config looks like
aaa new-model
!
aaa group server radius XX_RAD_AUTH
 server name PMRADIUS01
 server name WARADIUS01
!
aaa authentication login VTY_AUTH local group XX_RAD_AUTH
aaa authorization exec VTY_AUTHOR local group XXX_RAD_AUTH
radius server PMRADIUS01
 address ipv4 XX.XXX.28.69 auth-port 1645 acct-port 1646
 key MYKEY123
!
radius server WARADIUS01
 address ipv4 XX.XXX.28.70 auth-port 1645 acct-port 1646
 key MYKEY123
line vty 0 4
 exec-timeout 0 0
 authorization exec VTY_AUTHOR
 login authentication VTY_AUTH
 transport input ssh
line vty 5 15
 authorization exec VTY_AUTHOR
 login authentication VTY_AUTH
 transport input ssh
Network Policy on Microsoft Server
Cisco-AV-Pair shell:priv-lvl=15
Authentication Method Unencrypted authentication (PAP, SPAP)
Service-Type Login
10-02-2019 01:27 AM
>...
>I am having problems
- It would be interesting to know what these problems are.
M.
10-02-2019 01:48 AM
Only mildly interesting....
Login to switch via SSH is failing with an Access Denied message
10-02-2019 01:46 AM
Hi there,
Any reason why you have the radius group as the fallback method? If using local doesn't return an error then the AAA method won't try the radius group.
Try this:
!
aaa authentication login VTY_AUTH group XX_RAD_AUTH
aaa authorization exec VTY_AUTHOR group XXX_RAD_AUTH
!
cheers,
Seb.
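Added example, not part of the thread and not Cisco's code: a small Python lint for the AAA lines posted above. It flags method lists that put local ahead of the server group (the point raised in the reply) and method lists that name a server group with no "aaa group server" definition in the same config (as posted, XXX_RAD_AUTH; the names are redacted, so that may be a redaction artefact). The function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: the AAA lines from the question, names as posted (redacted).
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius XX_RAD_AUTH
 server name PMRADIUS01
 server name WARADIUS01
aaa authentication login VTY_AUTH local group XX_RAD_AUTH
aaa authorization exec VTY_AUTHOR local group XXX_RAD_AUTH
"""

GROUP_DEF = re.compile(r"^aaa group server (?:radius|tacacs\+) (\S+)", re.M)
METHOD_LIST = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$", re.M)
BUILTIN_GROUPS = {"radius", "tacacs+"}  # group names IOS accepts without a definition


def parse_methods(tokens):
    """Turn ['local', 'group', 'X'] into ['local', 'group X']."""
    methods, it = [], iter(tokens)
    for tok in it:
        methods.append(f"group {next(it, '')}".strip() if tok == "group" else tok)
    return methods


def lint_aaa(config):
    """Return (list_name, finding) tuples for the two checks described above."""
    defined = set(GROUP_DEF.findall(config)) | BUILTIN_GROUPS
    findings = []
    for _kind, _service, name, rest in METHOD_LIST.findall(config):
        methods = parse_methods(rest.split())
        groups = [m.split(" ", 1)[1] for m in methods if m.startswith("group ")]
        for g in groups:
            if g not in defined:
                findings.append((name, f"undefined server group {g}"))
        if "local" in methods and groups:
            if methods.index("local") < methods.index(f"group {groups[0]}"):
                findings.append((name, "local listed before server group"))
    return findings


if __name__ == "__main__":
    for list_name, finding in lint_aaa(SAMPLE_CONFIG):
        print(f"{list_name}: {finding}")
```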