
RADIUS authentication SF300-24P

mplewis
Beginner

We have just purchased 20x SF300-24P switches to be installed at our remote offices and we are unable to get RADIUS authentication to work. We already use RADIUS on all our primary network CISCO switches (e.g. 4506s, 3560s, 3750s, AP1231Gs, etc.) and these work fine, so we know the RADIUS server is working.

We are trying to use RADIUS authentication to gain management access onto these switches. Quite simply, although we can see that the RADIUS server is accepting the username and password being sent, the switch says “authentication failed” when it receives the response. We are using Microsoft NPS RADIUS Clients for authentication purposes.

We have upgraded the switches to the latest firmware, 1.1.2.0. Via the console it seems to have a very cut-down IOS version, so we cannot use the typical CISCO command set to configure the RADIUS as we normally would. Looking at the web GUI, there seem to be a number of options missing, including the Accounting port. When debugging is switched on there is no indication to say that any of the settings have been misconfigured.

Any advice you could offer would be gratefully received.

Mike Lewis

43 Replies

rocater
Participant

Hello Mike,

On the latest firmware there is a CLI which is similar to the IOS but is not identical. It may take time getting used to using it. As for the RADIUS configuration, I can guide you to the configuration settings using the GUI. You will find it under Security > 802.1x > Properties.

Hi Robert,

Thank you for your reply. We have already attempted to set up RADIUS based authentication via the GUI using the guide. We added our RADIUS server with the appropriate key string, and then I ensured that RADIUS authentication was selected under the Management Access screen, where it is listed above Local.

When trying to log in via Telnet, Console or SSH, they all report back “authentication failed” when a correct username and password combination is used; if an invalid combination is used, it simply asks for the username again with no warning or error prompt.

We have captured the data packets from the RADIUS server and I can confirm that the user is successfully authenticated with “Access-Accept” and the parameters of Cisco_AVPair: shell:priv-lvl=15 are passed.

Is there something we are missing, another setting somewhere?

Many thanks,

Mike Lewis

mediatel_it
Beginner

We have the exact same problem with a SF 300-48P switch and Microsoft IAS RADIUS (running in 2003 Server). Other Cisco devices authenticate without problems, but the SF300 reports an IAS authentication failure. Our firmware version is 1.0.0.27 and we do plan to upgrade to the latest firmware, but after reading your post I don't think this will help since you have the same issue in 1.1.2.0.

I have tested all versions of firmware and it would appear none of them work. I wonder if this feature works at all?

Mike Lewis

Same problem on SG300-28 with firmware 1.1.2.0

Did a test yesterday.

I am using FreeRADIUS 2.1.12

radius.log shows that the username/password is correct but I do not get access to the CISCO GUI.

Hello everyone,

Thank you very much for the information. From what I can tell it is configured correctly. In order to better assist with this issue I suggest giving us a call at the support center and creating a case. If there is a problem with the feature we would really like to know what is happening so we can fix it. Below is a link to contact us.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Please refer to this thread as well. Thank you!

I just spoke to Cisco SBSC (Small Business Support Center). I could not open a case as I was told that RADIUS authentication is not supported. When I asked the engineer about the suggested course of action I got the reply that we must wait for a new firmware which will support RADIUS, but no timeframe was given. I must say that I am really disappointed if this is the official position of Cisco.

I have also logged a support case with CISCO SBSC, they said they will look into the issue and get back to me. I don’t believe it is acceptable to say that RADIUS authentication is not supported as both the documentation and the GUI give clear indications that the switch supports this feature. I will let you know once I hear back.

Mike Lewis