Solved: Radius Authentication Issues

soypablocr · ‎12-26-2018

I was able to setup the RADIUS Authentication in one of my switches. I also was able to test the connectivity and it works fine:

test aaa group radius server x.x.x.x

Attempting authentication test to server-group radius using radius
User was successfully authenticated.

But when I try to login the session to the switch closes automatically

Do you know what could be causing the issue?

Richard Burts · ‎12-28-2018

I am glad to know that you resolved the issue by making some changes in the server. There are two ways that you can arrange to go directly into privilege mode when you log in. You could configure privilege level 15 under the vty lines. Or you can use authorization and have the radius server send authorization of level 15 based on how the user is set up in the server.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎12-26-2018

I have seen issues similar to this when there was a problem with authorization. I have also seen issues similar to this when the exec timeout was set to a very short value. Can you post your configuration of aaa and also the configuration of the console and vty lines?

HTH

Rick

HTH

Rick

soypablocr · ‎12-26-2018

line con 0
logging synchronous
line vty 0 4
exec-timeout 15 0
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 15 0
logging synchronous
transport input ssh
!

aaa authentication fail-message ^ Authentication Failed; Try again. ^

aaa authentication login default group radius local

aaa authentication login local_auth group radius local

aaa authorization exec default group radius local

aaa authorization network default local

Also every time I login in when I access to privilege mode ask for the secret, how can I remove that so every time I login goes directly to the privileged mode?

Richard Burts · ‎12-27-2018

Thanks for the information. It shows clearly that the inactivity timeout is set to 15 minutes. So that is not the issue. I am a bit puzzled about the issue. Your original post indicated that when you attempt to access it immediately closed the session. Now you are asking about having to supply the enable secret to get into privilege mode, which implies that your access request was successful. Can you clarify what is the issue we are addressing in this discussion.

HTH

Rick

HTH

Rick

soypablocr · ‎12-27-2018

I resolved the issue of the session by removing from the RADIUS server the Frame Protocol and the Service Type after that I was able to log in to the switch using my AD credentials. Now the issue that I having is that when I logged in it does not go directly to the privilege mode it stays on user mode, so I don't know what I am missing.

Richard Burts · ‎12-28-2018

I am glad to know that you resolved the issue by making some changes in the server. There are two ways that you can arrange to go directly into privilege mode when you log in. You could configure privilege level 15 under the vty lines. Or you can use authorization and have the radius server send authorization of level 15 based on how the user is set up in the server.

HTH

Rick

HTH

Rick

soypablocr · ‎12-28-2018

I added privileged level 15 to the vty and now access directly to the privilege mode

Richard Burts · ‎12-28-2018

Glad to know that it is now working as you want it to and that my suggestions were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

HTH

Rick