11-03-2009 01:29 AM
Hello,
Trying to log in to our SPS224G4 using Radius authentication and still unsuccessful.
Maybe this is a bug, maybe my misconfiguration.
STEP 1.
===================================================
Radius-server
radius-server host 10.1.0.54 key kf2f2ff2DADsaahhsnnkA source source 10.0.34.249 usage login
radius-server deadtime 1
This is my radius-server configuration:
Linksys_t# sh radius-servers
start
IP address      Port  port  Time-  Ret-   Dead-  source IP       Prio. Usage
                Auth  Acct  Out    rans   Time
--------------- ----- ----- ------ ------ ------ --------------- ----- -----
10.1.0.54       1812  1813  Global Global Global 10.0.34.249     0     login
Global values
--------------
TimeOut : 3
Retransmit : 3
Deadtime : 1
Source IP : 0.0.0.0
Source IPv6 : ::
========================================================
aaa authentication
aaa authentication enable perRadius none
aaa authentication login perRadius radius none
line telnet
login authentication perRadius
enable authentication perRadius
Linksys_t# sh authentication me
Login Authentication Method Lists
----------------------------------
Default : Local
perRadius : Radius None
Enable Authentication Method Lists
----------------------------------
Default : Enable None
perRadius : None
Line    Login Method List Enable Method List
------- ----------------- -------------------
Console Default           Default
Telnet  perRadius         perRadius
SSH     Default           Default
http : Local
https : Local
dot1x :
=====================================================
So if you look at my config, when I telnet to the Linksys SPS224 I should log in using RADIUS. But it always returns:
"authentication failed"
STEP 2.
I dug deeper with the Wireshark tool; the results you can see in the radius_linksys_accept.pcap file.
My Radius says: "access-accepted", yet Linksys still says "authentication failed".
So what is the problem, have I misconfigured something?
This Radius works fine with Cisco and D-Link switches.
running-config also attached (linksys.conf)
11-04-2009 07:47 AM
Hello,
I wanted to let you know that I will be testing this in my lab when time permits. I have an SPS224G4 though, is that an exact match for your equipment? I do not seem to have any SPS224s.
Regards,
Christopher
11-05-2009 02:10 PM
Please take a look at "Event Viewer" on your RADIUS server and post the error log for the source IAS.
Also inside the IAS snap in > RRAS policy > your policy > Right Click > Edit Profile; then "Advanced" what are the attributes listed? Looking for Name and Value. Please post what you have.
I was able to confirm that RADIUS is working as expected, so we should be able to correct your configuration.
11-06-2009 09:38 AM
Not sure if this is related, however I would suggest to also ensure that the Radius server is configured with a priv level 15 username.
If you are trying to pass additional attributes such as privilege levels or command sets to the switch, the switch might not understand these and respond with an authentication failed.
HTH,
Andrew Lee Lissitz
11-10-2009 01:19 PM
Actually at this moment our distributor asked to give this switch back, so I'm not able to test it anymore. :(
Also I can't check the Radius configuration now either, but Cisco ME2400 works with it perfectly.
If you look into my attached CAPTURE file, you can see that Radius says "Connection-accept" with the parameter you listed:
Cisco-AVPair: priv-lvl=15
But Linksys still doesn't accept this connection.
As soon as it is possible to get this SW for testing, I'll try one more time.
Thanks for your answers.
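Added example, not part of the thread or of any poster's code: one way to check a captured Access-Accept offline, listing the Cisco-AVPair values it carries (such as the priv-lvl=15 mentioned above) and recomputing the RFC 2865 Response Authenticator against the shared secret. The packet, secret and Request Authenticator below are constructed; with a real capture the Request Authenticator is taken from the matching Access-Request.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2       # RADIUS code (RFC 2865)
VENDOR_SPECIFIC = 26    # attribute type carrying vendor attributes
CISCO_VENDOR_ID = 9     # IANA enterprise number; sub-type 1 is Cisco-AVPair

def parse_attributes(data):
    """Walk the attribute TLVs, unpacking Vendor-Specific ones."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, alen = data[i], data[i + 1]
        value = data[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6 and 2 <= value[5] <= len(value) - 4:
            vendor = struct.unpack("!I", value[:4])[0]
            attrs.append(("vsa", vendor, value[4], value[6:4 + value[5]]))
        else:
            attrs.append(("std", atype, None, value))
        i += alen
    return attrs

def inspect_reply(packet, request_auth, secret):
    """Summarise a reply: code, authenticator validity, Cisco-AVPair values."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    packet = packet[:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    want = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    avpairs = [v.decode() for kind, vendor, sub, v in parse_attributes(packet[20:])
               if kind == "vsa" and vendor == CISCO_VENDOR_ID and sub == 1]
    return {"accept": code == ACCESS_ACCEPT,
            "authenticator_ok": hmac.compare_digest(want, packet[4:20]),
            "cisco_avpairs": avpairs}

def build_sample_accept(secret, request_auth, ident=1):
    """Constructed Access-Accept carrying Cisco-AVPair priv-lvl=15."""
    avpair = b"priv-lvl=15"
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, 1, len(avpair) + 2) + avpair
    attrs = bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

SECRET = b"constructed-shared-secret"   # placeholder, not the key from the thread
REQ_AUTH = bytes(range(16))             # constructed Request Authenticator
print(inspect_reply(build_sample_accept(SECRET, REQ_AUTH), REQ_AUTH, SECRET))
```

An `authenticator_ok` of False means the reply was not computed with the secret supplied, which RFC 2865 clients treat as an invalid response even when the code on the wire is Access-Accept.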
11-11-2009 10:28 AM
I am sorry that we did not get this working before you had to give the switch back. If you get another opp to test this, do please try back within this community.
Kindest regards and have a great week,
Andrew