RADIUS Issues c9300

abarb002
Level 1

So I just inserted a new c9300 switch onto the network. Everything seems to be working fine. I am able to ssh into the switch, but I am not having such luck with RADIUS. I am getting an Audit Success in the Security log of the server, but I get the following message on the switch:

Sec_login_FAILED: Login failed (user invalid-credentials (source laptop) (local 22) reason: login authentication failed)

 

I know port 22 is ssh, but in my configs I do have 1812 listed as the radius port. I can't post my configs for security reasons.

 

Any suggestions on how to tackle this?

I use the same credentials for all devices.

Accepted Solutions

I discovered the problem. I fat-fingered the switch IP address in the OSPF configurations; therefore, the switch was unknown to the network and could not be authenticated. So a misconfigured IP in area 1 of the OSPF was the problem.

Thanks for your help.

Reza Sharifi
Hall of Fame

Have a look at this link. Not sure you have the same issue but resetting the RSA key seems to have fixed this for someone here.

UDP port 1812 is the correct, default RADIUS port.

https://community.cisco.com/t5/network-management/login-on-failure-log-message-problem/td-p/3335410

HTH

No, this did not work. I am still getting an invalid credentials source laptop IP on port 22.

 

My RADIUS settings are:

aaa authentication login INSIDE local-case group radius
aaa authentication login *access-list* group radius local-case
aaa authorization exec default group radius local if-authenticated

radius server *name*
 address ipv4 ip# auth-port 1812 acct-port 1813
 key 7 #############################

line vty 0 4
 access-class acl in
 access-class acl out
 login authentication acl name
 transport input ssh

Thoughts?

What if you remove the ACLs and test again?

no access-class acl in
no access-class acl out

balaji.bandi
Hall of Fame

Adding to the other post: also check the RADIUS server log for cross-verification.

 

BB
