03-18-2014 09:12 AM - edited 03-07-2019 06:45 PM
Hi everyone,
I am currently struggling at having my radius server working on my Nexus 5548.
To make it short and clear (hopefully) :
The internal core network is made up of a bunch of Nexus 7k with out of band management through vlan interfaces and a dedicated vrf :
172.30/16 ; vrf context netmgmt
I am setting up a Nexus 5k in the DMZ and the traffic between the 7k and this 5k is hence cut. To keep on managing all the switches with ease I connected the management interface to one of the Nexus with the following configuration :
interface mgmt 0
vrf member management
ip address 172.30.10.70/16
(On the 7k side, the port is an access port)
Everything but the radius config is working fine (the radius servers are actually working as other switches are already bond to them) :
radius-server key 7 xxxxx
radius-server host 172.30.10.30 authenticating accounting
radius-server host 172.30.40.30 authenticating accounting
aaa group server radius Radius
server 172.30.10.30
server 172.30.40.30
use-vrf management
Anything wrong or that I have overlooked ?
Thanks for your help.
03-18-2014 09:16 AM
This is my radius config...... on a 5K
radius-server timeout 7
radius-server host 10.28.42.20 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
radius-server host 10.28.42.21 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius Radius-Servers
server 10.28.42.20
server 10.28.42.21
aaa authentication login default group Radius-Servers
ip radius source-interface Vlan1
aaa authentication login default fallback error local
And it is currently working. On the radius server i also had to do this to make the users admins once logged in:
https://supportforums.cisco.com/document/137181/nexus-integration-admin-access-free-radius
03-18-2014 04:46 PM
Try adding "ip radius source-interface mgmt0".
08-16-2024 07:30 AM
Hi Marvin,
I am also trying to configure my Nexus 5548 switches with Radius Server (Freeradius) but its not working . If I do a show feature on my switch it does not show "aaa" . Do i need to add a license for this ?
Feature Name Instance State
-------------------- -------- --------
amt 1 disabled
bfd 1 disabled
bfd_app 1 disabled
bgp 1 disabled
bulkstat 1 disabled
cable-management 1 disabled
cts 1 disabled
dhcp 1 enabled
Thanks for your help.
Regards
Rahul
08-16-2024 01:50 PM
08-16-2024 02:45 PM - edited 08-20-2024 07:38 AM
Hello @Giuseppe Larosa ,
I did try that. It shows invalid command. And when i do show feature , it does not list aaa hence no option to enable or disable aaa.
Regards
Rahul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide