03-08-2016 11:26 AM - edited 03-10-2019 11:33 PM
Is anyone using radius group with their servers in the group for dot1x? I am trying to cleanup our switch configs and found that when I use a group other than radius in my aaa lines desktop authentication does not work.
Works:
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa authorization auth-proxy default group radius
Does Not Work:
aaa authentication dot1x default group Authserver
aaa authorization network default group Authserver
aaa accounting dot1x default start-stop group Authserver
aaa authorization auth-proxy default group Authserver
03-08-2016 11:32 AM
Bret,
Can you please post the server group configuration for "Authserver", and the output of "debug aaa authentication", "debug aaa authorization", "debug aaa accounting" and "debug radius"?
Javier Henderson
Cisco Systems
03-09-2016 05:37 AM
Thanks for jumping in Javier. When I doing testing between different auth servers I forgot to add my key. I am all good now, but if you see something worth adding let me know. For those using this in the future though the full config is below.
ip radius source-interface Vlan2030
radius server Auth1
address ipv4 172.18.2.142 auth-port 1812 acct-port 1813
timeout 1
key yourradiuskey
aaa group server radius AuthServer
server name Auth1
deadtime 1
!
aaa authentication login default group AuthServer local none
aaa authentication login CONSOLE local none
aaa authentication enable default group AuthServer enable none
aaa authentication dot1x default group AuthServer
aaa authorization console
aaa authorization exec default group AuthServer local
aaa authorization exec CONSOLE local none
aaa authorization network default group AuthServer
aaa authorization auth-proxy default group AuthServer
aaa accounting dot1x default start-stop group AuthServer
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: