10-02-2019 08:31 AM
Added a new 3850 switch to the network. Added the switch information into my radius server, made the necessary configurations on the switch, same as the others and nothing. Any ideas or suggestion on how to solve this issue?
Solved! Go to Solution.
10-02-2019 11:26 AM
Hi,
What is event has been recorded on the Radius server? and same time share some logs from the switch as:
debug aaa authentication
debug radius
10-02-2019 11:47 AM
On server:
Failure information:
Failure reason: Unknown username or bad password
Audit failure
Have to console into switch to get debug info
10-02-2019 09:03 AM
Can you post the configruationto verify the same.
Test
1. have you added the IP address of Switch in to your Radius
2. from switch is the radius reachable ?
3. what you see logs ? on the radius server ?
how are you testing SSH ? or from console ?
10-02-2019 09:08 AM
aaa new-model
!
!
aaa group server radius RADIUS_SERVERS
server name RADIUS_SVR1
server name RADIUS_SVR2
!
aaa authentication login VTY_AUTHEN group radius local-case
aaa authentication login INSIDE local-case group radius
aaa authorization exec default group radius local if-authenticated
aaa accounting system default start-stop group radius
!
!
!
aaa session-id common
radius server RADIUS_SVR1
address ipv4 ###.###.###.### auth-port 1812 acct-port 1813
key 7 00301B0F177218290328
!
line con 0
exec-timeout 5 0
timeout login response 180
privilege level 15
logging synchronous
login authentication INSIDE
stopbits 1
line vty 0 4
access-class NMS_LIST in
exec-timeout 5 0
timeout login response 180
login authentication VTY_AUTHEN
transport input ssh
transport output none
line vty 5 15
access-class NMS_LIST in
exec-timeout 5 0
timeout login response 180
login authentication VTY_AUTHEN
transport input ssh
transport output
10-02-2019 09:17 AM
what is the device model is this ?
do you have reachability to radius server, can you post ping output from this device ?
10-02-2019 10:34 AM
yes they can ping each other
10-02-2019 11:24 AM
what you see Logs in Radius ? and what device is this
10-02-2019 11:26 AM
Hi,
What is event has been recorded on the Radius server? and same time share some logs from the switch as:
debug aaa authentication
debug radius
10-02-2019 11:47 AM
On server:
Failure information:
Failure reason: Unknown username or bad password
Audit failure
Have to console into switch to get debug info
10-02-2019 01:06 PM
information is passing to the radius, where is your user database?
from radius or external source ? what radius is this ? ACS / ISE / Freeradius ?
10-07-2019 12:23 PM
Thanks all for you assistance. Your questions drove me to dig deeper to find what the reason was for not being able to authenticate via my radius server. My login authentication did no match on my vty lines to my aaa authentication methods (Inside vs VTY_Authen). When I made those changes everything worked fine. By debugging aaa and radius, i was able to determine that something was preventing me from logging in via radius, thus I narrowed it down to the vty lines. Once thanks all for you asistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide