Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
270
Views
0
Helpful
2
Replies

Radius question

John Trumbell
Level 1
Level 1

‎04-04-2013 06:13 AM - edited ‎03-07-2019 12:38 PM

Hi

I'd like to confirm that the behaviour of my radius configuration is what I'm expecting based on my configuration.

What I expect is that I use my AD account information to authenticate into a switch. If the radius servers are unavailable then I can use a local account to authenticate into the switch. Currently, the radius servers are up and I'm able to authenticate as expected(using AD account)

Based on the configuration below, if I lost connectivity to the radius server from the switch, should I be able to login with the local account?  Is there anything else I need to enable that functionality?

The majority of the models used are C2960's with 12.2(50 or 55) SE5 IOS.

Here's the config, ip's and account information have been removed.

username <userid> privilege 15 password 7 <password>

aaa new-model

!

!

aaa authentication login default group radius local

aaa authorization network default group radius local

radius-server host <ip address> auth-port 1645 acct-port 1646

radius-server host <ip address> auth-port 1445 acct-port 1646

radius-server key 7 <radius secret>

line con 0

line vty 0 4

access-class 50 in

password 7 <password>

transport input ssh

line vty 5 15

access-class 50 in

transport input ssh

Thanks

John

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎04-04-2013 06:15 AM

Hi,

there's nothing more to do, if you can't contact the radius server then the device will try the fallback method which is local user database.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

John Trumbell
Level 1
Level 1
In response to cadet alain

‎04-17-2013 05:24 AM

Hi

There's a switch I'm attempting to get into that has the same configuration as above, except the radius-server key is missing. This morning I disconnected the 2 RADIUS servers NIC, so they are unreachable, so I could use the local user ID to access the switch to set the key. I received an authentication failed error message as well the following:

%RADIUS-4-RADIUS_RADIUS_DEAD: RADIUS server is not responding

%RADIUS-4-RADIUS_RADIUS_ALIVE: RADIUS server is being marked alive..

The above message is repeated for both servers, 1 server is physical and the ethernet cable was removed, the other is a VM with the NIC properties disconnected.

This switch has servers connected into it that will be challanging to schedule an outage.

any ideas?

thanks

John

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card