Solved: Configuring secondary radius server for 802.1x authentication

Somnath Sen · ‎05-04-2018

Hi,

We are using Cisco 2960X switch with IOS version 15.2(4r)E3. We are using 802.1x authentication and using Microsoft NPS as radius server.

With the earlier IOS, we were able to configure two radius server for fallback with following command:

Router(config)#radius-server host X.X.X.X auth-port 1234 acct-port 5678
Router(config)#radius-server host Y.Y.Y.Y auth-port 1234 acct-port 5678

However, after upgrading the IOS to the current version, this command is not available and we have to create radius server group. But we are unable to make entry of two radius servers in the group. Whenever we create the second entry, the first one gets replaced.

Kindly suggest.

Thanks

Rob Ingram · ‎05-04-2018

Hi,

Try this:

radius server ISE-1
address ipv4 192.168.10.20 auth-port 1812 acct-port 1813
key Cisco1234

radius server ISE-2
address ipv4 192.168.10.21 auth-port 1812 acct-port 1813
key Cisco1234

aaa group server radius ISE_GROUP
server name ISE-1
server name ISE-2
ip radius source-interface Loopback1

aaa authentication dot1x default group ISE_GROUP

HTH

View solution in original post

Rob Ingram · ‎05-04-2018

Hi,

Try this:

radius server ISE-1
address ipv4 192.168.10.20 auth-port 1812 acct-port 1813
key Cisco1234

radius server ISE-2
address ipv4 192.168.10.21 auth-port 1812 acct-port 1813
key Cisco1234

aaa group server radius ISE_GROUP
server name ISE-1
server name ISE-2
ip radius source-interface Loopback1

aaa authentication dot1x default group ISE_GROUP

HTH

Somnath Sen · ‎05-04-2018

Thanks a lot