thni
Beginner

Radius on SF200-24

Just got a SF200-24 (SLM224GT) in to configure for a small office. According to the product manual and the web gui it should support RADIUS authentication. The switch is running the latest firmware 1.3.5.58. Full logging including debug is enabled.

Radius configuration set to use a local Freeradius setup for testing. After enabling RADIUS as a select authentication method and defining the radius server settings I go to try it out. However, the switch does not even attempt to send any packet towards the radius server (checked using tcpdump on the radius server). Also rebooted the switch to see if that would make any difference, but no. The logs on the switch do not give any indication of any radius attempts either, despite debug logging being enabled.

I've also done a quick check to see if 802.1x would work with the radius setup, but it looks like that is failing as well - no radius packets are sent from the switch to the radius server at all.

Can someone confirm if they have got the SF200-24 to work with Radius and management login and/or 802.1x?

Regards,

Thomas

1 ACCEPTED SOLUTION

Accepted Solutions
thni
Beginner

I got radius authentication up and running in the end. Should have thought of this before, and paid closer attention to the thread on https://supportforums.cisco.com/thread/2132803 which does highlight the issue.

Radius must be listed before Local under Selected Methods if you are ever to use radius.

Radius.PNG

For future reference, if anyone wonders how to configure Windows NPS or Freeradius to use Radius auth with the SF/SG series switches:

Freeradius:

The following entry in the /etc/raddb/users file will allow user oladunk to authenticate with the password of mypass12:

oladunk   Cleartext-Password := "mypass12"
        Service-Type = Administrative-User,
        cisco-avpair = "shell:priv-lvl=15"

For Windows NPS, the following settings will work as a Network Policy:

nps.png

View solution in original post
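
To confirm what the RADIUS server actually returns for the users entry above, the following added example (not part of the original post) decodes an Access-Accept per RFC 2865, verifies its Response Authenticator against the shared secret, and extracts Service-Type and the Cisco vendor-specific attribute. The shared secret, Request Authenticator and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, SERVICE_TYPE, VENDOR_SPECIFIC = 2, 6, 26  # RFC 2865 numbers
ADMINISTRATIVE_USER = 6   # Service-Type value Administrative-User
CISCO_VENDOR_ID = 9       # Cisco enterprise number; VSA sub-type 1 = cisco-avpair

def response_authenticator(header4, request_auth, attrs, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return hashlib.md5(header4 + request_auth + attrs + secret).digest()

def check_accept(packet, request_auth, secret):
    """Return (authentic, service_type, cisco_avpairs) for an Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = response_authenticator(packet[:4], request_auth, attrs, secret)
    authentic = hmac.compare_digest(expected, packet[4:20])
    service_type, avpairs, i = None, [], 0
    while i < len(attrs):
        alen = attrs[i + 1] if i + 1 < len(attrs) else 0
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        atype, value = attrs[i], attrs[i + 2:i + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) > 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == CISCO_VENDOR_ID and vtype == 1 and vlen == len(value) - 4:
                avpairs.append(value[6:].decode("ascii"))
        i += alen
    return authentic, service_type, avpairs

def build_sample_accept(ident, request_auth, secret):
    # Constructed sample: the reply items from the users entry, encoded as TLVs.
    avpair = b"shell:priv-lvl=15"
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, 1, len(avpair) + 2) + avpair
    attrs = (struct.pack("!BBI", SERVICE_TYPE, 6, ADMINISTRATIVE_USER)
             + struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa)
    header4 = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header4 + response_authenticator(header4, request_auth, attrs, secret) + attrs

SECRET = b"constructed-secret"   # placeholder shared secret, not a real value
REQ_AUTH = bytes(range(16))      # constructed Request Authenticator
SAMPLE = build_sample_accept(1, REQ_AUTH, SECRET)
if __name__ == "__main__":
    print(check_accept(SAMPLE, REQ_AUTH, SECRET))
```

A reply that decodes correctly but fails the authenticator check points to a shared-secret mismatch between the RADIUS client and the server.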

2 REPLIES 2
Hi Thomas, thanks for the post. All RADIUS/TACACS posts are very helpful, especially when a positive result is met. This is always a difficult subject since there are so many servers and such limited testing capability to facilitate everyone's needs.

-Tom
Please mark answered for helpful posts
