06-22-2020 05:08 PM
06-22-2020 05:09 PM
Sorry, the question dropped...
I am working through our Cisco devices and want to clean up our RADIUS / AAA configurations. Here is what I am trying to accomplish. See the configuration below for an example. Here are some things I am trying to do:
1. Clean up any unnecessary RADIUS group configs. I would like to remove NPS-group and NPS2-group
2. I only want to have an "NPS-Group" with two servers named RAS1 and RAS2.
RAS1 ip address 192.168.1.81 with default ports of 1645 / 1646 with a key of Cisco123
RAS2 ip address 192.168.1.91 with default ports of 1645 / 1646 with a key of Cisco123
3. I have tried removing the servers and re-adding them, but the CLI error stated that I already had that server with that IP / Port setup.
4. I have tried to remove "Server group radius" from the list shown by SW1#sh radius server-group all, and I could not. I was hoping to completely re-do the RADIUS / AAA config all over.
SW1#sh radius server-group all
Server group radius
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
Server(192.168.1.81:1645,1646) Transactions:
Authen: 303 Author: 0 Acct: 0
Server_auto_test_enabled: FALSE
Keywrap enabled: FALSE
Server(UNKNOWN:65535,65535) Transactions:
Authen: 0 Author: 0 Acct: 0
Server_auto_test_enabled: FALSE
Keywrap enabled: FALSE
Server(UNKNOWN:65535,65535) Transactions:
Authen: 0 Author: 0 Acct: 0
Server_auto_test_enabled: FALSE
Keywrap enabled: FALSE
Server(192.168.1.91:1645,1646) Transactions:
Authen: 0 Author: 0 Acct: 0
Server_auto_test_enabled: FALSE
Keywrap enabled: FALSE
Server group NPS-Group
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
Server(UNKNOWN:65535,65535) Transactions:
Authen: 0 Author: 0 Acct: 0
Server_auto_test_enabled: FALSE
Keywrap enabled: FALSE
Server group NPS-group
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
Server group NPS2-group
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
SW1#sh run | inc aaa
aaa new-model
aaa group server radius NPS-Group
aaa group server radius NPS-group
aaa group server radius NPS2-group
aaa authentication login default group admin local
aaa authentication login NPS-group group radius local
aaa authentication login NPS2-group group radius local
aaa authentication login console local
aaa authentication dot1x default group NPS-group
aaa authorization exec default group NPS-group local
aaa authorization network default group NPS-Group
aaa session-id common
Comments and suggestions welcomed!!!! Ideally, I just want to clean up our RADIUS configs to create a naming and configuration standard on our devices.
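Added example, not part of the original post or of any Cisco tooling: a small Python audit of the "sh run | inc aaa" lines quoted above, listing server groups whose names differ only by case, method lists that point at a group with no definition in the lines shown, and groups that are still referenced and so need their method lists repointed before removal. The function name audit_aaa and the BUILTIN_GROUPS set (treating "radius" and "tacacs+" as built-in group keywords) are assumptions of this example.

```python
# Added example: audit AAA lines from an IOS running-config before cleanup.
# BUILTIN_GROUPS is an assumption: IOS keywords that mean "all servers of that type".
BUILTIN_GROUPS = {"radius", "tacacs+"}

# Constructed input: the "sh run | inc aaa" lines quoted in the post.
RUNNING_CONFIG = """\
aaa new-model
aaa group server radius NPS-Group
aaa group server radius NPS-group
aaa group server radius NPS2-group
aaa authentication login default group admin local
aaa authentication login NPS-group group radius local
aaa authentication login NPS2-group group radius local
aaa authentication login console local
aaa authentication dot1x default group NPS-group
aaa authorization exec default group NPS-group local
aaa authorization network default group NPS-Group
aaa session-id common
"""

def audit_aaa(config):
    defined, referenced = [], {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["aaa", "group", "server"] and len(tok) == 5:
            defined.append(tok[4])          # aaa group server radius <name>
        elif tok[:1] == ["aaa"] and len(tok) > 4 and tok[1] in (
                "authentication", "authorization", "accounting"):
            # tok[3] is the method-list name; methods start at tok[4]
            for i in range(4, len(tok) - 1):
                if tok[i] == "group" and tok[i + 1] not in BUILTIN_GROUPS:
                    referenced.setdefault(tok[i + 1], []).append(line.strip())
    folded = {}
    for name in defined:
        folded.setdefault(name.lower(), []).append(name)
    return {
        # names that differ only by case (listed as separate groups in the output above)
        "case_variants": sorted(sorted(v) for v in folded.values() if len(v) > 1),
        # method lists pointing at a group with no "aaa group server" line in the input
        "undefined": sorted(set(referenced) - set(defined)),
        # groups that no method list in the input references
        "unreferenced": sorted(set(defined) - set(referenced)),
        # groups still in use: repoint these method lists before removing the group
        "in_use": {g: referenced[g] for g in sorted(set(defined) & set(referenced))},
    }

if __name__ == "__main__":
    for finding, value in audit_aaa(RUNNING_CONFIG).items():
        print(finding, "->", value)
```

Note that "NPS-group" and "NPS2-group" also appear as login method-list names that use the built-in "group radius", which is separate from the server groups of the same name.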
06-23-2020 06:20 AM
You should remove everything linked to the old name and old IP address.
Can you post the following? It will give an idea.
show run | in 192.168.1.91
show run | in 192.168.1.92
06-23-2020 06:41 AM
BB,
I have tried. The two servers will still show under sho radius server-group all. Ideas on how to remove?
show run | in 192.168.1.81
address ipv4 192.168.1.81 auth-port 1645 acct-port 1646
show run | in 192.168.1.91
address ipv4 192.168.1.91 auth-port 1645 acct-port 1646
06-23-2020 08:05 AM
OK, can you post all the config, with secure information removed, so we can tweak it?
06-23-2020 09:01 AM
BB,
I will pull a running-config and sanitize it and post as soon as I can.
Thanks!
06-24-2020 07:47 AM
06-23-2020 06:42 AM - edited 06-23-2020 04:59 PM
BB....