Thanks for jumping in Javier.

bret · ‎03-08-2016

Is anyone using radius group with their servers in the group for dot1x? I am trying to cleanup our switch configs and found that when I use a group other than radius in my aaa lines desktop authentication does not work.

Works:

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius

aaa authorization auth-proxy default group radius

Does Not Work:

aaa authentication dot1x default group Authserver

aaa authorization network default group Authserver

aaa accounting dot1x default start-stop group Authserver

aaa authorization auth-proxy default group Authserver

Javier Henderson · ‎03-08-2016

Bret,

Can you please post the server group configuration for "Authserver", and the output of "debug aaa authentication", "debug aaa authorization", "debug aaa accounting" and "debug radius"?

Javier Henderson

Cisco Systems

bret · ‎03-09-2016

Thanks for jumping in Javier. When I doing testing between different auth servers I forgot to add my key. I am all good now, but if you see something worth adding let me know. For those using this in the future though the full config is below.

ip radius source-interface Vlan2030

radius server Auth1
address ipv4 172.18.2.142 auth-port 1812 acct-port 1813
timeout 1
key yourradiuskey

aaa group server radius AuthServer
server name Auth1
deadtime 1
!
aaa authentication login default group AuthServer local none
aaa authentication login CONSOLE local none
aaa authentication enable default group AuthServer enable none
aaa authentication dot1x default group AuthServer
aaa authorization console
aaa authorization exec default group AuthServer local
aaa authorization exec CONSOLE local none
aaa authorization network default group AuthServer
aaa authorization auth-proxy default group AuthServer
aaa accounting dot1x default start-stop group AuthServer

ISE and Radius Server Groups