05-01-2024 11:27 PM
Hi All,
I need some advice on AAA config. My switches are able to reach the RADIUS but the device still accepts only local login.
Please have a look at the config and guide me on how to correct it:
aaa group server radius AA-RADIUS
server-private 10.169.15.5 auth-port 1645 key 7 0832594C0418171E1C0E380B383B212C3C17231F08190D
server-private 10.169.15.6 key 7 15131E180C673B2B3A2775734553434312435B555246070D1D22564A4756565A760A57090856
aaa authentication login default group radius local
aaa session-id common
BR,
Ranjita
05-02-2024 12:07 AM
debug aaa authentication
Most of the time the cause of this issue is that the SW IP added on the RADIUS is different from the one the SW uses as source.
The common solution is to use
radius source-interface
MHM
05-02-2024 01:15 AM
05-02-2024 01:26 AM
Are you running
aaa new-model
in your config?
If not, then that is the reason.
Note: don't wr the config until you are totally sure you can access the SW via the new config; this gives a return point.
MHM
05-02-2024 01:29 AM
Hi,
Yes I am
do sh run | inc aaa
aaa new-model
aaa group server radius UR-RADIUS
aaa authentication login default group UR-RADIUS local
aaa authentication enable default enable
aaa session-id common
05-02-2024 01:41 AM
show aaa server <<- share this
MHM
05-02-2024 01:47 AM
05-02-2024 01:54 AM
Change the port to be 1812, not 1645.
Do show aaa server again.
Authen: request 0, timeouts 0, failover 0, retransmission 0 Response: accept 0,
These counters must increase.
Note: I am sure you tried pinging the server IP using source vlan403 and it succeeded.
MHM
05-02-2024 02:09 AM
Hi,
Yes, the ping works. I tried using source as well. I have updated the port.
X02YAL11UH001-KF002-SW#sh aaa server
RADIUS: id 6, priority 0, host 10.169.29.5, auth-port 1645, acct-port 1813, hostname UR-RADIUS_PrivateServer_10.169.29.5_1645_1813
State: current UP, duration 1263s, previous duration 0s
Dead: total time 0s, count 0
Platform State from SMD: current UP, duration 1384672s, previous duration 0s
SMD Platform Dead: total time 0s, count 0
Platform State from WNCD (1) : current UP
Platform State from WNCD (2) : current UP
Platform State from WNCD (3) : current UP
Platform State from WNCD (4) : current UP
Platform State from WNCD (5) : current UP
Platform State from WNCD (6) : current UP
Platform State from WNCD (7) : current UP
Platform State from WNCD (8) : current UP, duration 0s, previous duration 0s
WNCD Platform Dead: total time 0s, count 0UP
Quarantined: No
Authen: request 4, timeouts 4, failover 0, retransmission 3
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 4, time 0ms
Transaction: success 0, failure 1
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Dot1x transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
MAC auth transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
MAC author transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Elapsed time since counters last cleared: 21m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Consecutive Response Failures: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
Consecutive Timeouts: total 3
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
IOSD Platform : max 3, current 3 total 3
Requests per minute past 24 hours:
high - 0 hours, 3 minutes ago: 4
low - 0 hours, 21 minutes ago: 0
average: 0
RADIUS: id 8, priority 0, host 10.169.29.5, auth-port 1812, acct-port 1813, hostname UR-RADIUS_PrivateServer_10.169.29.5_1812_1813
State: current UP, duration 42s, previous duration 0s
Dead: total time 0s, count 0
Platform State from SMD: current UP, duration 1384678s, previous duration 0s
SMD Platform Dead: total time 0s, count 0
Platform State from WNCD (1) : current UP
Platform State from WNCD (2) : current UP
Platform State from WNCD (3) : current UP
Platform State from WNCD (4) : current UP
Platform State from WNCD (5) : current UP
Platform State from WNCD (6) : current UP
Platform State from WNCD (7) : current UP
Platform State from WNCD (8) : current UP, duration 0s, previous duration 0s
WNCD Platform Dead: total time 0s, count 0UP
Quarantined: No
Authen: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Dot1x transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
MAC auth transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
MAC author transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Elapsed time since counters last cleared: 0m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Consecutive Response Failures: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
Consecutive Timeouts: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
RADIUS: id 9, priority 0, host 10.169.29.6, auth-port 1812, acct-port 1813, hostname UR-RADIUS_PrivateServer_10.169.29.6_1812_1813
State: current UP, duration 48s, previous duration 0s
Dead: total time 0s, count 0
Platform State from SMD: current UP, duration 48s, previous duration 0s
SMD Platform Dead: total time 0s, count 0
Platform State from WNCD (1) : current UP
Platform State from WNCD (2) : current UP
Platform State from WNCD (3) : current UP
Platform State from WNCD (4) : current UP
Platform State from WNCD (5) : current UP
Platform State from WNCD (6) : current UP
Platform State from WNCD (7) : current UP
Platform State from WNCD (8) : current UP, duration 0s, previous duration 0s
WNCD Platform Dead: total time 0s, count 0UP
Quarantined: No
Authen: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Dot1x transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
MAC auth transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
MAC author transactions:
Response: total responses: 0, avg response time: 0ms
Transaction: timeouts 0, failover 0
Transaction: total 0, success 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Malformed responses: 0
Bad authenticators: 0
Elapsed time since counters last cleared: 0m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Consecutive Response Failures: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
IOSD Platform : max 0, current 0 total 0
Consecutive Timeouts: total 0
SMD Platform : max 0, current 0 total 0
WNCD Platform: max 0, current 0 total 0
05-02-2024 10:16 AM
Sorry, I was checking this count:
incorrect <- this count increments when the request form is wrong or the server key is wrong? Double-check the server key.
Also, you added many servers, one with 1812 and another with 1645; we already checked 1645 and it did not work. Remove it, test again, and share show aaa server.
Thanks
MHM
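Added example (not part of any post in this thread): a small Python parser that pulls the Authen counters discussed above out of `show aaa server` output and maps them to the checks suggested in the replies. The sample text is constructed by abridging the output quoted in the thread; the function names and hint wording are assumptions.

```python
import re

# Constructed sample: abridged from the `show aaa server` output quoted in the thread.
SAMPLE = """\
RADIUS: id 6, priority 0, host 10.169.29.5, auth-port 1645, acct-port 1813, hostname A
Authen: request 4, timeouts 4, failover 0, retransmission 3
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 4, time 0ms
Dot1x transactions:
Response: total responses: 0, avg response time: 0ms
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
RADIUS: id 8, priority 0, host 10.169.29.5, auth-port 1812, acct-port 1813, hostname B
Authen: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
"""

HEADER = re.compile(r"RADIUS: id \d+, priority \d+, host ([\d.]+), auth-port (\d+)")
SECTION = re.compile(r"(Authen|Author|Account|Dot1x transactions|"
                     r"MAC auth transactions|MAC author transactions):")
COUNTER = re.compile(r"(request|timeouts|accept|reject|incorrect) (\d+)")

def parse(text):
    """Return one dict per server holding only its login (Authen) counters."""
    servers, cur, section = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"host": m.group(1), "auth_port": int(m.group(2))}
            servers.append(cur)
            section = None
            continue
        s = SECTION.match(line)
        if s:
            section = s.group(1)  # Author/Account/Dot1x reuse the same line labels
        if cur is not None and section == "Authen" and line.startswith(("Authen:", "Response:")):
            cur.update((name, int(val)) for name, val in COUNTER.findall(line))
    return servers

def diagnose(s):
    """Hints mirror the advice given in the thread; they are not vendor guidance."""
    if s.get("request", 0) == 0:
        return "no requests sent to this server yet"
    if s.get("accept", 0) + s.get("reject", 0) > 0:
        return "server is answering"
    if s.get("incorrect", 0) > 0:
        return "responses counted as incorrect: double-check the server key"
    if s.get("timeouts", 0) > 0:
        return "no reply: check auth-port and radius source-interface"
    return "inconclusive"
```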
05-02-2024 12:10 AM
What device is this? What IOS code is running on it? What RADIUS server?
Make sure the RADIUS servers are reachable: use show radius and show radius counters all, and also try a ping to the RADIUS server.
Try changing as below (in bold) and test it:
aaa authentication login default group AA-RADIUS local
My suggested config is as below:
aaa new-model
radius server RAD_1
address ipv4 10.10.10.10
key mykey
radius server RAD_2
address ipv4 20.20.20.20
key mykey2
aaa group server radius RAD_GRP
server name RAD_1
server name RAD_2
aaa authentication login default group RAD_GRP local
05-02-2024 01:39 AM
Hi,
I am working on Catalyst 9200 devices running on 17.9 IOS. The RADIUS server can be reached from the switch.
I am unable to add my key in the config as suggested:
X02YAL11UH001-KF002-(config-radius-server)#$ort 1645 ?
acct-port UDP port for RADIUS accounting server (default is 1813)
<cr> <cr>
X02YAL11UH001-KF002-(config-radius-server)#$9.5 auth-port 1645 acct-port ?
<0-65534> Port number
X02YAL11UH001-KF002-(config-radius-server)#$ort 1645 acct-port 1813 ?
<cr> <cr>
X02YAL11UH001-KF002-(config-radius-server)#$ort 1645 acct-port 1813 key ?