Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1836
Views
0
Helpful
3
Replies

Nexus_RAdius config

incognito
Level 1
Level 1

‎10-15-2019 05:04 AM

hi

Can someone check it? Is it right config for radius on nexus switch?

 

radius-server host 10.100.0.5 key 7 "******" authentication accounting
aaa group server radius RadServer

aaa authentication login default group RadServer local
aaa accounting default group RadServer
aaa authentication login error-enable

 


server 10.100.0.5
use-vrf vsan

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-15-2019 05:13 AM - edited ‎10-15-2019 05:14 AM

here is example working config :

aaa group server radius RADIUS-BB
server x.x.x.x
server y.y.y.y
use-vrf management ( generally this go via Management, you can use any VRF which can reach to Radius servers)

 

radius-server host x.x.x.x key 7 "mykey" authentication accounting
radius-server host y.y.y.y key 7 "mykey2" authentication accounting <- if you have 2 Radius
radius-server directed-request

aaa authentication login console local <- in case if you lock out with Radius)
aaa authentication login default group RADIUS-BB Local


Do not write the config untill all tested and working

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

incognito
Level 1
Level 1
In response to balaji.bandi

‎10-15-2019 09:11 PM - edited ‎10-15-2019 09:27 PM

1) Why did you use 2 server command? I have only one radius server (10.100.0.5). As i understand i can use only one server x.x.x.x command, right?

server x.x.x.x
server y.y.y.y

 

2) use-vrf management ( generally this go via Management, you can use any VRF which can reach to Radius servers).

In my case I have to use vrf vsan 

 

3) For what do we use this command?
radius-server directed-request 

4) what does Local mean at the end of this command?

aaa authentication login default group RADIUS-BB Local

 

Can you check the config now?

radius-server host 10.100.0.5 key 7 "******" authentication accounting
aaa group server radius RadServer

server 10.100.0.5
use-vrf vsan

aaa authentication login default group RadServer local
aaa accounting default group RadServer
aaa authentication login error-enable

aaa authentication login console local 


but radius sever is not working. I cant remotely connect to the nexus switch with radius(active directory) user credentials. Radius on windows server is configured correct. the problem is on the nexus side

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card