Switch not forwarding RADIUS Packets

f1ps1
Level 1

I have a 2900 Cisco switch running version 16.12.02 and I'm trying to set up RADIUS for the first time.

I have a RADIUS server at 192.168.0.1 (ports: 1812/1813)

My switch VLAN is at 192.168.0.3

My client is at 192.168.0.2

When I do a

$ radtest user pass 192.168.0.1 0 testing123

from the client directly to the RADIUS server, my request gets accepted.

Also, the AAA test succeeds:

radius1# test aaa group radius server 192.168.0.1 user pass legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated

But somehow, the switch is not forwarding my RADIUS packages. From my understanding of 802.1X and RADIUS, I have to send a request from the client (192.168.0.2) to the switch (192.168.0.3) and the switch forwards this packet to the server (192.168.0.1).

But when I send my RADIUS packets to the switch, nothing happens...

$ radtest user pass 192.168.0.1 0 testing123
... output
(0) No reply from server for ID 173 socket 3

This is my output from sh aaa servers:

RADIUS: id 3, priority 1, host 192.168.0.1, auth-port 1812, acct-port 1813, hostname radius1
    State: current UP, duration 2167s, previous duration 0s
    Dead: total time 0s, count 0
    Platform State from SMD: current UP, duration 2167s, previous duration 0s
    SMD Platform Dead: total time 0s, count 0
    Platform State from WNCD (1) : current UP
    Platform State from WNCD (2) : current UP
    Platform State from WNCD (3) : current UP
    Platform State from WNCD (4) : current UP
    Platform State from WNCD (5) : current UP
    Platform State from WNCD (6) : current UP
    Platform State from WNCD (7) : current UP
    Platform State from WNCD (8) : current UP, durations 0s, previous duration 0s
    Platform Dead: total time 0s, count 0
    Quarantined: No
    Authen: request 2, timeouts 0, failover 0, retransmission 0
        Response: accept 2, reject 0, challenge 0
        Response: unexpected 0, server error 0, incorrect 0, time 87ms
        Transaction: success 2, failure 0
        Throttled: transaction 0, timeout 0, failure 0
        Malformed responses: 0
        Bad authenticators: 0
    Author: request 0, timeouts 0, failover 0, retransmission 0
        Response: accept 0, reject 0, challenge 0
        Response: unexpected 0, server error 0, incorrect 0, time 87ms
        Transaction: success 0, failure 0
        Throttled: transaction 0, timeout 0, failure 0
        Malformed responses: 0
        Bad authenticators: 0
    Account: request 0, timeouts 0, failover 0, retransmission 0
        Response: accept 0, reject 0, challenge 0
        Response: unexpected 0, server error 0, incorrect 0, time 87ms
        Transaction: success 0, failure 0
        Throttled: transaction 0, timeout 0, failure 0
        Malformed responses: 0
        Bad authenticators: 0
    Elapsed time since counters last cleared: 36m
    Estimated Outstanding Access Transactions: 0
    Estimated Outstanding Accounting Transactions: 0
    Estimated Throttled Access Transactions: 0
    Estimated Throttled Accounting Transactions: 0
    Maximum Throttled Transactions: access 0, accounting 0
Consecutive Response Failures: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform : max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
Consecutive Timeouts: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform : max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
Requests per minute past 24 hours:
high - 0 hours, 31 minutes ago: 1
low - 0 hours, 36 minutes ago: 0
average: 0

This is my RADIUS configuration:

version 16.12
hostname radius1
aaa new-model
aaa authentication dot1x default group radius
aaa authorization dot1x default group radius
aaa accounting dot1x default start-stop group radius
aaa session-id common
dot1x system-auth-control
interface GigabitEthernet1/0/1
 switchport access vlan 99
 switchport mode access
interface GigabitEthernet1/0/3
 switchport access vlan 99
 switchport mode access
interface Vlan99
 ip address 192.168.0.3 255.255.255.0
ip radius source-interface Vlan99
radius server radius1
 address ipv4 192.168.0.1 auth-port 1812 acct-port 1813
 key 7 ***

Any ideas how I can make the switch forward these packages?

Thanks, Philipp
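
Added example, not part of the original post and not Cisco tooling: a small parser for the Authen/Author/Account counters in the `show aaa servers` output above, which shows from the switch side how many Access-Requests were sent and how the server answered them. The function names and the wording of the findings are assumptions of this example.

```python
# Excerpt of the `show aaa servers` output from the post above.
SAMPLE = """\
RADIUS: id 3, priority 1, host 192.168.0.1, auth-port 1812, acct-port 1813, hostname radius1
    State: current UP, duration 2167s, previous duration 0s
    Authen: request 2, timeouts 0, failover 0, retransmission 0
        Response: accept 2, reject 0, challenge 0
        Response: unexpected 0, server error 0, incorrect 0, time 87ms
        Transaction: success 2, failure 0
        Malformed responses: 0
        Bad authenticators: 0
    Account: request 0, timeouts 0, failover 0, retransmission 0
        Response: accept 0, reject 0, challenge 0
    Elapsed time since counters last cleared: 36m
"""

def _items(label, body):
    # "accept 2, reject 0" -> pairs; a bare "0" takes the line label as its name.
    for item in body.split(","):
        parts = item.split()
        if parts and parts[-1].isdigit():
            yield (" ".join(parts[:-1]) or label).lower(), int(parts[-1])

def parse_counters(text):
    """Return {section: {counter: int}} for the Authen/Author/Account blocks."""
    out, cur, depth = {}, None, 0
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        label, sep, body = line.strip().partition(":")
        if not sep:
            continue
        if label in ("Authen", "Author", "Account"):
            cur, depth = out.setdefault(label, {}), indent
        elif cur is None or indent <= depth:
            cur = None  # left the per-service block
            continue
        cur.update(_items(label, body))
    return out

def findings(counters):
    """General reading of the Authen counters (interpretation added here)."""
    a = counters.get("Authen", {})
    notes = []
    if a.get("request", 0) == 0:
        notes.append("switch has sent no Access-Requests")
    if a.get("timeouts", 0):
        notes.append("timeouts: check reachability and the RADIUS source interface")
    if a.get("bad authenticators", 0):
        notes.append("bad authenticators: shared key likely differs from the server")
    if not notes and a["request"] == a.get("accept"):
        notes.append(f"all {a['request']} Access-Requests from the switch were accepted")
    return notes
```
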
