04-17-2012 05:08 AM - edited 03-07-2019 06:10 AM
Hello,
I have just added radius to my 2955 and when I log in I get this error:
Authorisation failed % error
This is what I have added.
aaa new-model
radius-server host 10.10.1.33 auth-port 1645 acct-port 1646 key secret
radius-server host 10.10.1.34 auth-port 1645 acct-port 1646 key secret
radius-server vsa send accounting
radius-server vsa send authentication
aaa authentication login default group radius local
aaa authentication enable default line
aaa authorization console
aaa authorization exec default group radius local
What does that error mean? Is it an issue with the romete radius server or my config?
04-17-2012 05:20 AM
Andy,
Try removing the authorization lines from the aaa config and see if that helps. If so, you'll need to pass the attribute back from your radius server for the authorization piece. Something like shell:priv-lvl=15.
Take a look at this post as it may help:
https://supportforums.cisco.com/thread/344219
John
04-20-2012 05:59 AM
Sorry for the delay, I'm still getting the error.
Cisco say that the Windows Radius server needs to send authorisation back to the switch, although the chap didn't know what I should add to the Radius server. Would you know?
The user lokos to get authenticated and then is seems the switch expects to see authorisation sent from the Radius server.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide