Re: Can't login to Cisco 3750 Switch

patrick.galito · ‎10-23-2017

Hi all.

I know this has been discussed a million times and I've racked my head doing research the past 3 days and still can't login to the switch. I am testing NPS via Windows Server 2012 R2. My Cisco switch is a 3750 running 12.2 (55)SE10.

I have my NPS connected to Gi1/0/13 and a test computer on Gi1/0/15. From my computer I can ping the NPS and vice versa. Both the NPS and computer are on VLAN 100 which in this test I have setup as my management VLAN.

When I run the test aaa group radius server 192.x.x.17 testuser Password new-code I get the user successfully authenticated. When I try and login to the Cisco switch I am unable to.

My NPS is setup as followed:

Radius clients

Friendly name test

ip address 192.x.x.16

shared secret cisco

advanced tab vendor name is Cisco.

Connection Policy:

Policy name test

condition with client friendly name being test

everything under the setting tab is left to default

Network Policy:

Policy Name Network Engineers

Policy enabled and grant access

Condition is user groups TestEnvironment\Network_Engineers

Client Friendly Name test

constraints is unencrypted PAP, SPAP

settings tab has standard with the service-type being login

vendor specific is cisco with shell:priv-lvl=15

everything else is left to the defaults

Thanks!

Patrick

marce1000 · ‎02-05-2018

- Can you add the following to your switch configuration (check if it helps) :

radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute nas-port format d
radius-server attribute list custom
attribute 87

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

agrissimanis · ‎02-06-2018

In this case I would look at the NPS server logs. What do you see in the NPS and in the security log?