SG300-28 RADIUS login

Martin Oesting
Level 1

Hi,

I have some 2960s and they work like a charm. I configured RADIUS access on them and had no problems with that.

Now I have two C300 (SG300-28) and I can't get them to work with my RADIUS server, I always get an "authentication failed".

Here are the commands on one of the boxes:

encrypted radius-server key <encrypted key>

radius-server host <radius host IP> auth-port 1645 acct-port 1646

aaa authentication enable SSH radius enable

aaa authentication login SSH radius local

Also, why is it presenting me the login twice when I connect via ssh (first with "login-as:" and no password and then with "User Name:" and with a password?!) ? At the first login I can type whatever I want and only the second login is the real one.

Greetings

Martin

18 Replies

Thank you, that worked like a charm. Now I only get the "Login as" prompt and not the additional "User Name" prompt.

Now I just need to get the RADIUS working properly. :)

Still not working even after two years? :)
- Do you have a configuration similar to the one mentioned here: http://www.tech-recipes.com/rx/1478/how-to-setup-ias-to-use-radius-to-authenticate-cisco-device/ ?
- Did you try to increase IAS logging verbosity?
- Did you perform a packet capture to see the RADIUS conversation between both parties? If so, did you see an Access-Accept or Access-Reject response coming from the RADIUS server?
- If it is "Access-Reject", are you sure you are using the correct login name and password? Did you see the correct values (username and password) inside the RADIUS conversation (inside the Access-Request message)? If so, are you using a complicated password with non-ASCII characters? Have you tried simplifying it to include only ASCII characters in the password (I hope this is a requirement)?
- If it is an "Access-Accept" message coming from RADIUS and you still do not have access to the device, have you checked the mandatory fields inside the "Access-Accept" message? Both of the following were required in my scenario:

Service-Type = Administrative-User,
Cisco-AVPair = "shell:priv-lvl=15"

For me it is working well, but I am using FreeRADIUS instead of IAS (but this should not matter at all).
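The Access-Accept check described in the reply above, as an added example that is not part of the thread: it parses the raw RADIUS payload from a capture and reports whether the two attributes the poster needed are present. The function names and the sample packets are constructed for illustration; the numeric codes are the standard ones (Service-Type is attribute 6 with Administrative = 6 and Login = 1, Cisco-AVPair is vendor 9, sub-type 1).

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26      # attribute types (RFC 2865)
ADMINISTRATIVE = 6                          # Service-Type value
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1        # VSA vendor id / sub-type

def attributes(packet):
    """Yield (type, value) for every attribute in a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    pos = 20                                # skip header + authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def check_reply(packet):
    """Return the list of problems that would block an admin login."""
    found = list(attributes(packet))        # also validates the framing
    if packet[0] == ACCESS_REJECT:
        return ["Access-Reject: check the user name and password"]
    if packet[0] != ACCESS_ACCEPT:
        return [f"unexpected RADIUS code {packet[0]}"]
    service_type, avpairs = None, []
    for atype, value in found:
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
                avpairs.append(value[6:4 + vlen].decode("ascii", "replace"))
    problems = []
    if service_type != ADMINISTRATIVE:
        problems.append(f"Service-Type is {service_type}, expected {ADMINISTRATIVE}")
    if "shell:priv-lvl=15" not in avpairs:
        problems.append("Cisco-AVPair shell:priv-lvl=15 missing")
    return problems

def build(code, attrs):
    """Constructed sample packet (zeroed authenticator, not a real capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

AVPAIR = struct.pack("!IBB", 9, 1, 2 + 17) + b"shell:priv-lvl=15"
GOOD = build(ACCESS_ACCEPT, [(6, struct.pack("!I", 6)), (26, AVPAIR)])
LOGIN_ONLY = build(ACCESS_ACCEPT, [(6, struct.pack("!I", 1)), (26, AVPAIR)])
```

Feed `check_reply` the UDP payload of the server's reply exported from the capture; reply attributes are sent in the clear, so no shared key is needed to read them.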

Thanks Michael Bruncko. Changing the service-type from "Login" to "Administrative" on my NPS Win 2012 R2 server fixed it.

Would never have gotten there without your post.

Cheers!

SG300 switches don't allow AAA authentication. Request your support.

Following are the commands used for the config.

radius-server host <IP> key <key>

aaa authentication login <SSH_list_name> radius local

aaa authentication login <Console_list_name> radius local

aaa authentication enable <SSH_list_name> radius

aaa authentication enable <Console_list_name> radius

line ssh

login authentication <SSH_list_name>

line console

login authentication <Console_list_name>

Note: Same config works fine in SG350 switches.

Note: SG300s are running on 1.4.11.5 (Boot Version: 1.3.5.06)
