cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


16406
Views
5
Helpful
43
Replies
mplewis
Beginner

RADIUS authentication SF300-24P

RADIUS authentication SF300-24P

We have just purchased 20x SF300-24P switches to be installed at our remote offices and we are unable to get RADIUS authentication to work. We already use RADIUS on all our primary network CISCO switches (e.g. 4506s¸ 3560s, 3750s, AP1231Gs,etc) and these work fine so we know the RADIUS server is working.

We are trying to use RADIUS authentication to gain management access onto these switches. Quite simply although we can see that the RADIUS server is accepting the username and password being sent, however the switch says “authentication failed” when to receives the response. We are using Microsoft NPS RADIUS Clients for authentication purposes.

We have upgrade the switches to the latest firmware 1.1.2.0, via the console it seems to have a very cut down IOS version so we cannot use the typical CISCO command set to configure the RADIUS as we normally would. Looking at the web GUI there seems to be a number of options missing including the Accounting port. When debugging is switch on there is no indication to say that any of the settings have been misconfigured.

Any advice you could offer would be gratefully received.

Mike Lewis

43 REPLIES 43
rocater
Participant

Hello Mike,

On the latest firmware there is a CLI which is similar to the IOS but is not identical. It may take time getting used to using it. As for the RADIUS configuration, I can guide you to the configuration settings using the GUI. You will find it under Security > 802.1x > Properties.

Hi Robert,

Thank you for your reply. We have already attempted to setup RADIUS based authentication via the GUI using the guide. We added our RADIUS server with the appropriate key string, and then I ensured that RADIUS authentication was selected under the Management Access screen where it is listed above Local.

When trying to login via Telnet, Console or SSH they all report back as “authentication failed” when a correct username and password combination is used, if an invalid combination it simple asked for the username again with no warning or error prompt

We have captured the data packets from the RADIUS server and I can confirm that the correct that the user is successfully authenticated with “Access-Accept” and the parameters of Cisco_AVPair: shell:priv-lvl=15 are passed.

Is there something we are missing, another setting somewhere?

Many thanks,

Mike Lewis

mediatel_it
Beginner

We have the exact same problem with a SF 300-48P switch and Microsoft IAS RADIUS (running in 2003 Server). Other Cisco devices authenticate without problems, but the SF300 reports a IAS authentication failure. Our firmware version is 1.0.0.27

and we do plan to upgrade to the latest firmware, but after reading your post I don't think this will help since you have the same issue in 1.1.2.0

I have tested all versions of firmware and it would appear none of them work, I wonder if thsi feature works at all?

Mike Lewis

Same problem on SG300-28 with firmware 1.1.2.0

Did a test yesterday.

I am using FreeRADIUS 2.1.12

radius.log tells that username/password is correct but I do not get access to the CISCO GUI.

Hello everyone,

Thank you very much for the information. From what I can tell it is configured correctly. In order to better assist with this issue I suggest giving us a call at the support center and creating a case. If there is a problem with the feature we would really like know what is happening so we can fix it. Below is a link to contact us.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Please refer to this thread as well. Thank you!

I just spoke to Cisco SBSC (Small Business Support Center). I could not open a case as I was told that RADIUS authentication is not supported. When I asked the engineer on the suggested course of action I got the reply that we must wait for a new Firmware which will support RADIUS but no timeframe was given.I must say that I am really disappointed if this is the official position of Cisco.

I have also logged a support case with CISCO SBSC, they said they will look into the issue and get back to me. I don’t believe it is acceptable to say that RADIUS authentication is not supported as both the documentation and the GUI give clear indications that the switch supports this feature. I will let you know once I hear back.

Mike Lewis

Thank you for the update.

Costas, the admin guide and data sheet for the Sx300 series switch does say it supports RADIUS authentication. I am a bit disappointed that you would be told otherwise.

Mike, please message me the case number you have gotten and I will look into for you.

Hi Robert,

I have sent you the requested case number.

Mike Lewis

Hi Mike,

hi Costas,

I was told something similar when I asked for the accounting option which is documented in the Datasheet, was visible in the GUI on firmware 1.0.x and disapeared in firmware 1.1.2.0. Now they are working on the problem and I expect feedback on middle of mach about that.

I really don't know sure why there are so many problems and promised features which are not supported on the SG200/300 series and why cisco isn't able to fix these bugs just in time because the switches release date is over 1 year in the past.

Alexander,

Accounting option is being looked at in an up coming firmware. Not sure on the eta.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

Costas,

Please provide me your case number so I can review the situation why this answer was given.

Thanks,

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

rocater
Participant

Hello everyone!

We have been checking and encountered the same issues. We found the following post from another user, that when tested, did help resolve the problem.

Please see the following:

https://supportforums.cisco.com/message/3568766#3568766

I hope this information helps you!

Create
Recognize Your Peers
Polls
How would you describe your level of technical expertise?