Radius Client

abarb002
Level 1

Added a new 3850 switch to the network. Added the switch information into my radius server, made the necessary configurations on the switch, same as the others and nothing. Any ideas or suggestions on how to solve this issue?

9 Replies

balaji.bandi
Hall of Fame

Can you post the configuration to verify the same?

Test

1. Have you added the IP address of the switch into your Radius?

2. From the switch, is the Radius reachable?

3. What do you see in the logs on the Radius server?

How are you testing, SSH or from console?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

aaa new-model
!
!
aaa group server radius RADIUS_SERVERS
 server name RADIUS_SVR1
 server name RADIUS_SVR2
!
aaa authentication login VTY_AUTHEN group radius local-case
aaa authentication login INSIDE local-case group radius
aaa authorization exec default group radius local if-authenticated
aaa accounting system default start-stop group radius
!
!
!
aaa session-id common

radius server RADIUS_SVR1
 address ipv4 ###.###.###.### auth-port 1812 acct-port 1813
 key 7 00301B0F177218290328
!
line con 0
 exec-timeout 5 0
 timeout login response 180
 privilege level 15
 logging synchronous
 login authentication INSIDE
 stopbits 1
line vty 0 4
 access-class NMS_LIST in
 exec-timeout 5 0
 timeout login response 180
 login authentication VTY_AUTHEN
 transport input ssh
 transport output none
line vty 5 15
 access-class NMS_LIST in
 exec-timeout 5 0
 timeout login response 180
 login authentication VTY_AUTHEN
 transport input ssh
 transport output

What device model is this?

Do you have reachability to the radius server? Can you post ping output from this device?


BB


Yes, they can ping each other.

What do you see in the logs in Radius? And what device is this?

BB


Hi,

What event has been recorded on the Radius server? At the same time, share some logs from the switch, such as:

debug aaa authentication

debug radius

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

On server:

Failure information:

Failure reason: Unknown username or bad password

Audit failure

Have to console into switch to get debug info

Information is passing to the radius; where is your user database?

From radius or an external source? What radius is this? ACS / ISE / FreeRADIUS?


BB


Thanks all for your assistance. Your questions drove me to dig deeper to find what the reason was for not being able to authenticate via my radius server. My login authentication did not match on my vty lines to my aaa authentication methods (Inside vs VTY_Authen). When I made those changes everything worked fine. By debugging aaa and radius, I was able to determine that something was preventing me from logging in via radius, thus I narrowed it down to the vty lines. Once again, thanks all for your assistance.
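
The mismatch described in the last post (a line's login authentication naming a method list that no aaa authentication login statement defines) can be checked offline against a saved config. The Python sketch below is an added example, not part of the original thread; lint_aaa, the sample config and its 192.0.2.10 address are constructed, and it assumes method-list and server names are compared case-sensitively.

```python
import re
# Constructed sample (not from the thread): list name case differs, RADIUS_SVR2 undefined.
SAMPLE = """\
aaa new-model
aaa group server radius RADIUS_SERVERS
 server name RADIUS_SVR1
 server name RADIUS_SVR2
aaa authentication login VTY_AUTHEN group radius local-case
aaa authentication login INSIDE local-case group radius
radius server RADIUS_SVR1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
line con 0
 login authentication INSIDE
line vty 0 4
 login authentication VTY_Authen
"""

def lint_aaa(config):
    """Return findings for references to undefined AAA lists or servers."""
    lists, servers = {"default"}, set()  # the 'default' list exists implicitly
    list_uses, server_uses = [], []
    line_ctx = group_ctx = "?"
    for raw in config.splitlines():
        s = raw.strip()  # tolerate pastes that lost their indentation
        if m := re.match(r"aaa authentication login (\S+)", s):
            lists.add(m.group(1))
        elif m := re.match(r"radius server (\S+)", s):
            servers.add(m.group(1))
        elif m := re.match(r"aaa group server radius (\S+)", s):
            group_ctx = m.group(1)
        elif m := re.match(r"server name (\S+)", s):
            server_uses.append((group_ctx, m.group(1)))
        elif re.match(r"line (con|vty|aux)\b", s):
            line_ctx = s
        elif m := re.match(r"login authentication (\S+)", s):
            list_uses.append((line_ctx, m.group(1)))
    findings = []
    for ctx, name in list_uses:
        if name not in lists:  # assumption: names are compared case-sensitively
            near = sorted(d for d in lists if d.lower() == name.lower())
            hint = f" (case differs from '{near[0]}')" if near else ""
            findings.append(f"{ctx}: method list '{name}' is not defined{hint}")
    for ctx, name in server_uses:
        if name not in servers:
            findings.append(f"group {ctx}: radius server '{name}' is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_aaa(SAMPLE)))
```

Run against a sanitized copy of the running-config before pushing it to a new switch; an empty result means every line and server group points at a name that is actually defined.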