cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

8994
Views
5
Helpful
19
Replies
Dean Thompson
Beginner

SG200-08 and Radius using IAS

I have set up the IAS following many topics, some vary slightly but most are the same.  The issue I have is my SG200-08 will not allow me access using radius.  Within the Windows Event Viewer I can see the following.

User deano was granted access.

Fully-Qualified-User-Name = HPMEDIASERVER\deano

NAS-IP-Address = <not present>

NAS-Identifier = A0-CF-5B-E4-72-5F

Client-Friendly-Name = Switch 1

Client-IP-Address = 192.168.0.36

Calling-Station-Identifier = <not present>

NAS-Port-Type = <not present>

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = ciscoauth

Authentication-Type = PAP

EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The above tells me that I have been authorized and I see no failure or issue.  Now on the log on page for the switch it tells me..

Invalid Username or Password.

Please try again.

I unplug my network to it and access the security screen as I have it set to allow radius/local.  Everything is set up, I can't figure out what is going on with this!  does anyone have anything they can share as to why this is happening?

On a footnote, I also use Radius for my wireless devices, of which works fine... well until I removed everything in the remote access policy.

please help, this is driving me nuts... lol

19 REPLIES 19

Hello Dean,

EAP is for client access, are you trying to setup 802.1x for restricting clients from accessing the switch?

The switch can be a EAP authenticator, but not an EAP peer.

Please look over the following document.

http://www.google.com/imgres?imgurl=http://i.technet.microsoft.com/dynimg/IC157983.gif&imgrefurl=http://technet.microsoft.com/en-us/library/bb457039.aspx&usg=__UyZL1QAaRF0fbVtL38cPf5nlngQ=&h=375&w=600&sz=17&hl=en&start=10&zoom=1&tbnid=rOVFu0F5GqCzhM:...

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

I kinda figured it would be that way, was just looking into it to be sure.  Thank you for your help..

Great post. This got my SG200-08 authenticating from my RADIUS server in a matter of minutes - after hours of frustration.

 

Thank you, it took me a long time with the help from others to get this right.  I am happy it got you going within a short time.


Dean

One thing to remember, MS-CHAP is not a very good security system to employ, I have not played with others as of yet, but it works.