06-09-2010 09:41 PM
I am trying to configure an SGE2010 switch to use RADIUS authentication. At the moment, the NPS (Windows Server 2008r2 RADIUS) server is receiving the access request and is returning an access accept.
The switch does not let us log in.
Cisco-sw1(config)# 09-Nov-2009 21:10:35 %AAA-W-REJECT: New telnet connection for user P@ssw0rd, source 192.168.10.213 destination REJECTED
Note: It is printing the user's password instead of the username.
I suspect it is something to do with the cisco-AV-pair attribute. I have tried the following values but nothing works:
Shell:priv-lvl=15
Shell = 15
Level = 15
Relevant lines from switch configuration:
radius-server host 192.168.1.23 key P@llssw0rd88
aaa authentication enable default none
aaa authentication login default radius
Any help would be more than greatly appreciated.
06-10-2010 10:25 PM
To get some visibility into the RADIUS exchange, you could configure logging on NPS. In the log is the name of the network policy which was ultimately used to evaluate the request. If it selects 'Connections to other access servers' (the lowest-priority policy that functions as a 'default deny'), then you'll know that for some reason the Conditions on *your* network policy are too specific to be matched.
06-16-2010 05:53 PM
The problem isn't that it is rejecting me. Using network monitor I can see it is accepting the request but for some reason just won't log me in.
A link was sent to me to another website where it shows that you have to go into the Settings tab of the policy and change the RADIUS attribute to Service-Type Administrative.
After doing that, I was able to log into the switch with any of the windows domain users I had specified.
This is the link that gave me the answer
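To confirm from a packet capture which attributes an Access-Accept actually carries, the sketch below (an added example, not part of the original thread) parses the reply and reports whether Service-Type = Administrative is present alongside any cisco-avpair values. The sample packets are constructed, the `build` helper is hypothetical, and the Response Authenticator is not verified.

```python
import struct

ACCESS_ACCEPT = 2      # RFC 2865 packet code
SERVICE_TYPE = 6       # RFC 2865 attribute type
ADMINISTRATIVE = 6     # RFC 2865 Service-Type value
VENDOR_SPECIFIC = 26   # RFC 2865 attribute type
CISCO_VENDOR_ID = 9    # IANA enterprise number for Cisco
CISCO_AVPAIR = 1       # Cisco vendor sub-type (cisco-avpair)

def parse(packet: bytes):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def summarize(packet: bytes) -> dict:
    """Report what the reply grants; the Response Authenticator is not verified."""
    code, attrs = parse(packet)
    out = {"accept": code == ACCESS_ACCEPT, "service_type": None, "cisco_avpairs": []}
    for atype, value in attrs:
        if atype == SERVICE_TYPE and len(value) == 4:
            out["service_type"] = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
                out["cisco_avpairs"].append(value[6:4 + vlen].decode("ascii", "replace"))
    out["admin_login"] = out["accept"] and out["service_type"] == ADMINISTRATIVE
    return out

def build(code, attrs):
    """Constructed sample packet with a zeroed authenticator (hypothetical helper)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: the reply before and after the policy change in the thread.
AVP = b"shell:priv-lvl=15"
VSA = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(AVP) + 2) + AVP
BEFORE = build(ACCESS_ACCEPT, [(VENDOR_SPECIFIC, VSA)])
AFTER = build(ACCESS_ACCEPT, [(SERVICE_TYPE, struct.pack("!I", ADMINISTRATIVE))])
```

Feed `summarize` the raw UDP payload of the server's reply exported from the capture; `admin_login` is true only when the reply is an Access-Accept carrying Service-Type 6.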