cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2531
Views
0
Helpful
1
Replies

Public Key & Radius

Christoph Faber
Level 1
Level 1

As several documents mention, it should be possible to authenticate on a switch via radius with a public key.

For example http://freeradius.1045715.n5.nabble.com/SSH-to-Cisco-Devices-td5714654.html

I tried several ways, for example

aaa group server radius RadiusServer

     server-private <IP> auth-port 1812 acct-port 1813 key 7 <KE>

aaa authentication attempts login 2

aaa authentication login default group RadiusServerlocal

aaa authorization exec default group RadiusServer if-authenticated

But the switch always displays the password prompt and I always got the message

Info: [eap] No EAP-Message, not doing EAP

Any Idea what to change?

1 Reply 1

Christoph Faber
Level 1
Level 1

Interesting the Forum killed my code

My example was:

aaa group server radius RadiusServer

server-private auth-port 1812 acct-port 1813 key 7

aaa authentication login default group RadiusServer local

aaa authorization exec default group RadiusServer local

radius-server attribute 6 on-for-login-auth

radius-server vsa send authentication