RADIUS Authentication on SG200-08 not working

patrick.casey1
Level 1

For the life of me, I can't get my SG200-08 to authenticate via RADIUS.

My Wireshark captures show that the requests are being accepted.

My RADIUS server logs show that the user is being authenticated successfully.

Even the RADIUS statistics on the switch show the correct number of Access Accepts (currently two).

I'm at a loss as to how I can get this to function. 

I've included my startup-config from the switch and my radius packet captures from Wireshark.

1 Reply

Michal Bruncko
Level 4

Hello Patrick

I can see two issues:

  • your RADIUS server is responding too late - i.e. the Access-Accept came with a delay of 8 seconds after the first Access-Request sent by the client. That's really too long and causes visible authentication delays for users. A response should normally come within a second.
  • you get an Access-Accept, but you did not get logged in - this is because important TLVs are missing from the RADIUS response message. You have to define the following TLVs to be included in each positive response:
Service-Type = Administrative-User
Cisco-AVPair = "shell:priv-lvl=15"

Only with them does the switch recognize that you are authorized to log in.
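
One way to check a captured Access-Accept for the two attributes named in the reply above, as an added example that is not part of the original thread. It assumes the input is the raw RADIUS payload (the UDP data exported from the capture); the function names and sample packets are constructed for illustration, and the response authenticator is not verified.

```python
import struct

ACCESS_ACCEPT, SERVICE_TYPE, VENDOR_SPECIFIC = 2, 6, 26  # RFC 2865 numbers
ADMINISTRATIVE = 6                      # Service-Type value Administrative-User
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1    # Cisco enterprise number, cisco-avpair sub-type
PRIV = b"shell:priv-lvl=15"
NEED_ST = "Service-Type = Administrative-User"
NEED_AV = 'Cisco-AVPair = "shell:priv-lvl=15"'


def attributes(packet):
    """Yield (type, value) for each attribute TLV after the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("truncated or malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        yield atype, packet[pos + 2:pos + alen]
        pos += alen


def missing_login_attributes(packet):
    """Return which of the two attributes named in the reply the Access-Accept lacks."""
    if not packet or packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    missing = {NEED_ST, NEED_AV}
    for atype, value in attributes(packet):
        if atype == SERVICE_TYPE and value == struct.pack("!I", ADMINISTRATIVE):
            missing.discard(NEED_ST)
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            # Only the first sub-attribute of each Vendor-Specific TLV is inspected.
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and value[6:4 + vlen] == PRIV:
                missing.discard(NEED_AV)
    return sorted(missing)


def build_accept(attrs):
    """Constructed sample packet; the authenticator is zeroed and never verified."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

AVP = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(PRIV) + 2) + PRIV
BARE = build_accept([])  # constructed: accept with no attributes
FULL = build_accept([(SERVICE_TYPE, struct.pack("!I", ADMINISTRATIVE)), (VENDOR_SPECIFIC, AVP)])
```

An empty list from `missing_login_attributes` means the accept carries both attributes; a non-empty list names what the RADIUS server still has to send.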