Re: setting a switch under radius control

baselzind · ‎09-15-2019

i have been asked to list a switch under radius control , some switches are already added under it but im supposed to add any switches that arent , can i simply add the same command to other switches? also the key is made of numbers do i just paste the key in its number form

radius server radius
address ipv4 X.X.X.X auth-port 1812 acct-port 1813
key 7 999999999999999tttttt

balaji.bandi · ‎09-15-2019

Yes you can copy the exiting working Switch config and paste to new switch required radius control.

Couple steps required to be cautious while implementing.

1. Make sure you have a local username in case if the radius not working.

2. add the device into Radius device list.

3. apply the relevance AAA config to work as expected.

in case you see any issue logging using radius server, radius server will have logs why the user failing to log in for further diagnosis purpose. (sometimes you have extra space or copy-paste introduced new hidden character)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

baselzind · ‎09-15-2019

i was checking further and i found mostly i need the below config , but i was wondering do i need to configure somethin under vty line 0 15 to enable radius authentication?
also i found another command "aaa authentication login local_nm local" not sure how it differs from "aaa authentication login default group radius local"?

aaa authentication login default group radius local
radius server radius
address ipv4 X.X.X.X auth-port 1812 acct-port 1813
key 7 999999999999999tttttt

balaji.bandi · ‎09-15-2019

aaa authentication login default group radius local <<- this is the correct syntax (if you have radius group)

Another example if you using Group Servers :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/15-mt/sec-usr-rad-15-mt-book/sec-rad-aaa-server-groups.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help