11-13-2009 06:30 AM - edited 03-06-2019 08:36 AM
I am looking for the basic bare-bones RADIUS configuration for a 3750. The RADIUS server is listening on ports 1812-1813. Just enough to have a client authenticate. I also need the vty line config. I am sure the problem is on the RADIUS server end, but I just want to confirm. Also, is there any way to test the config?
11-13-2009 06:45 AM
This should do it:
aaa new-model
aaa authentication login default local group radius
radius-server host x.x.x.x auth-port 1812 acct-port 1813
You can also try running debug radius authentication to help identify any issues.
11-13-2009 06:54 AM
Thanks. Do I need anything on the vty lines?
11-13-2009 06:57 AM
No, you should not need to, but you can set
login authentication
under your line config, but it is not always needed.
11-13-2009 07:00 AM
Just one more question. So do I need to set a key?
11-13-2009 07:04 AM
You don't need a key (that depends on your RADIUS server software), but I would recommend you use one. The command is:
radius-server key 0 thisismykey
Other useful commands are below:
ip radius source-interface
radius-server timeout 10
11-13-2009 07:20 AM
Here is the bare-bones config I am running. I included the lines that I thought were pertinent to RADIUS. Do you think I am missing anything?
service password-encryption
enable password
username letmein password 7
aaa new-model
aaa authentication login default local group radius
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server source-ports 1645-1646
radius-server retransmit 10
line con 0
line vty 5 15
11-13-2009 07:25 AM
Looks good to me. What do you get in the output of debug radius authentication?
Also, no disrespect intended, but can you ping the RADIUS server, and is the software running and listening on the right ports?
11-13-2009 07:39 AM
I can ping the RADIUS host from the switch, and I have tried to ping the port using ping x.x.x.x 1812 and ping x.x.x.x 1813 from the switch and from other locations in the same network, but I do not get an answer. In the debug output I get:
radius protocol debugging is on
radius protocol brief debugging is off
radius protocol verbose debugging is on
radius packet hex dump debugging is off
radius packet protocol authentication debugging is on
radius packet protocol accounting debugging is off
radius elog debugging is off
radius server fail-over debugging is off
11-13-2009 07:48 AM
If you are connected to your device via telnet and you have turned on RADIUS authentication debugging, type terminal monitor in privileged exec mode:
hostname#terminal monitor
This will redirect the debug (log) messages to your vty session. Once you have done this, start another session and try to authenticate, but do not use the username letmein, as you have chosen to do local auth first and RADIUS second and letmein is defined in the local database. Try a username that is not defined locally but is instead configured on your RADIUS server, and then watch the output on the screen for a clue as to why it is failing.
11-13-2009 09:01 AM
That helped a lot. I believe things on my end are set up correctly. I am setting up the switch part; someone else is doing the RADIUS server end. I am trying to help them out if I can. Debugging shows me that there is no response from the server; I tried all servers. The switch is trying to go out and query the IP of the RADIUS server, but it is not getting a response.
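As an added example, not from this thread or from Cisco: "pinging the port" cannot tell you anything about a UDP service, so the check a practitioner would run from a workstation is a real RADIUS Access-Request built from RFC 2865 with the standard library only, which separates "no response" (the symptom above) from an Access-Reject or a shared-key mismatch. The server address, NAS IP, user name, password and key below are placeholders you supply.

```python
import hashlib, os, socket, struct

CODE_NAMES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def xor_password(data, secret, authenticator, decrypt=False):
    # RFC 2865 5.2 hiding: XOR each 16-byte block with MD5(secret + previous block); decrypt=True inverts
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(a ^ b for a, b in zip(chunk, hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (chunk if decrypt else block)
    return out

def encrypt_password(password, secret, authenticator):
    # NUL-pad to a multiple of 16 octets (at least one block), then hide it.
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return xor_password(padded, secret, authenticator)

def build_access_request(ident, username, password, secret, nas_ip, authenticator=b""):
    authenticator = authenticator or os.urandom(16)          # 16 random octets
    tlv = lambda t, v: struct.pack("!BB", t, len(v) + 2) + v  # attribute: type, length, value
    attrs = (tlv(1, username) + tlv(4, socket.inet_aton(nas_ip))          # User-Name, NAS-IP-Address
             + tlv(2, encrypt_password(password, secret, authenticator)))  # User-Password
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def build_reply(code, ident, request_auth, attrs, secret):
    # Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply, request_auth, secret):
    # Recompute the authenticator; a mismatch means the sender lacks the shared key.
    length = struct.unpack("!H", reply[2:4])[0] if len(reply) >= 20 else 0
    if not 20 <= length <= len(reply):            # octets past Length are padding
        return False
    return build_reply(reply[0], reply[1], request_auth, reply[20:length], secret) == reply[:length]

def probe(server, secret, username, password, nas_ip, port=1812, timeout=3.0):
    # "no response": UDP filtered, nothing listening, or this client/key not defined on the server.
    packet = build_access_request(1, username, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except OSError:
            return "no response"
    if reply[1] != packet[1] or not reply_is_authentic(reply, packet[4:20], secret):
        return "reply failed shared-key check"
    return CODE_NAMES.get(reply[0], "code %d" % reply[0])
```

Run it as probe("x.x.x.x", b"thisismykey", b"testuser", b"testpw", "<switch ip>") from a host the server has defined as a client; a reject still proves the path and the key are good, and only a timeout points back at the server side.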