aaa configuration

bjssccouser
Level 1

Hi,

I currently have an 1812 router set up to accept PPTP VPN connections. All authentication takes place against a RADIUS server (Microsoft IAS). The config for this, which is working fine, is as follows:

IOS 124-24.T1.bin

aaa authentication ppp default group radius local

aaa authorization network default group radius

vpdn-group VPN

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

interface Virtual-Template1

ip unnumbered Vlan1

peer default ip address dhcp

compress mppc

ppp encrypt mppe auto required

ppp authentication ms-chap-v2

ppp timeout idle 21600

radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key shared_key

I would like to be able to specify a backup RADIUS server, in case the primary fails. So I have specified the following config:

aaa group server radius authgroup

server 1.1.1.1

server 2.2.2.2

no radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key shared_key

aaa authentication ppp default group authgroup

aaa authorization network default group authgroup

However, with this configuration, authentication fails. A debug shows the following:

Sep 11 10:04:23.869: AAA/AUTHEN/PPP (00000056): Pick method list 'default'

Sep 11 10:12:18.889: %RADIUS-3-NOSERVERS: No Radius hosts configured or no valid server present in the server group authgroup

Any help would be appreciated.

Thanks

Accepted Solutions

Peter Paluch
Cisco Employee

Hello,

You must not deconfigure the "radius-server host" commands when grouping them under a server group. You must retain both the "radius-server host" commands and only subsequently sort them into the groups according to your liking.

Have a look at this example: I have created an example server group and referred to an undefined RADIUS server. Observe the warning displayed:

R1(config)#aaa group server radius Example

R1(config-sg-radius)#server 1.2.3.4

R1(config-sg-radius)#

*Mar 1 04:49:00.446: %RADIUS-4-NOSERV: Warning: Server 1.2.3.4:1645,1646 is not defined.

So the solution in your case is simply to have both RADIUS servers defined before grouping in a server group.

Best regards,

Peter
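
The check described in the answer above can be run offline against a saved configuration. The script below is an added example, not part of the original thread: it flags every `server` entry in an `aaa group server radius` block that has no matching global `radius-server host` line. It assumes running-config style indentation for the group members, and the `radius-server host 2.2.2.2` line (ports and key) is a constructed placeholder.

```python
import re

# Constructed sample: the failing configuration from the question
# (server group present, "radius-server host" lines removed).
BROKEN = """\
aaa group server radius authgroup
 server 1.1.1.1
 server 2.2.2.2
aaa authentication ppp default group authgroup
aaa authorization network default group authgroup
"""

# Constructed sample: same group with both hosts defined globally.
# The 2.2.2.2 ports and the key are placeholders, not values from the thread.
FIXED = """\
radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key shared_key
radius-server host 2.2.2.2 auth-port 1645 acct-port 1646 key shared_key
""" + BROKEN

HOST_RE = re.compile(r"^radius-server host (\S+)")
GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
MEMBER_RE = re.compile(r"^\s+server (\S+)")  # does not match "server-private"


def undefined_group_servers(config: str) -> dict[str, list[str]]:
    """Map each RADIUS server group to members lacking a global definition."""
    defined, groups, current = set(), {}, None
    for line in config.splitlines():
        if m := HOST_RE.match(line):
            defined.add(m.group(1))
            current = None
        elif m := GROUP_RE.match(line):
            current = groups.setdefault(m.group(1), [])
        elif current is not None and (m := MEMBER_RE.match(line)):
            current.append(m.group(1))
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the group block
    # Evaluate after the full pass so definition order in the file is irrelevant.
    return {g: [s for s in members if s not in defined]
            for g, members in groups.items()
            if any(s not in defined for s in members)}


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, undefined_group_servers(cfg) or "all group members defined")
```

A non-empty result for a group corresponds to the condition behind the `%RADIUS-4-NOSERV` warning shown in the answer.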


2 Replies

Hi,

Thanks for your comments. I've applied your suggestions and that looks to have resolved the issue.

Next time I'll enable console logging for all the config.

Thank you for your help on this.