radius-server source-ports command

mahesh18
Level 6

Hi everyone,

I am configuring a new switch and I checked that the old switch had these commands:

radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7

radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7

radius-server source-ports 1645-1646

This switch does not have an option for the radius-server source-ports command:

Switch(config)#radius-server ?
  attribute           Customize selected radius attributes
  authorization       Authorization processing information
  cache               AAA auth cache default server group
  challenge-noecho    Data echoing to screen is disabled during
                      Access-Challenge
  configure-nas       Attempt to upload static routes and IP pools at startup
  dead-criteria       Set the criteria used to decide when a radius server is
                      marked dead
  deadtime            Time to stop using a server that doesn't respond
  directed-request    Allow user to specify radius server to use with `@server'
  domain-stripping    Strip the domain from the username
  host                Specify a RADIUS server
  key                 encryption key shared with the radius servers
  optional-passwords  The first RADIUS request can be made without requesting a
                      password
  retransmit          Specify the number of retries to active server
  retry               Specify how the next packet is sent after timeout.
  timeout             Time to wait for a RADIUS server to reply
  transaction         Specify per-transaction parameters
  unique-ident        Higher order bits of Acct-Session-Id
  vsa                 Vendor specific attribute configuration

Switch(config)#radius-server

My question is: do I really need the source-ports command, and what is the use of it?

Thanks

Mahesh


Reza Sharifi
Hall of Fame

Hi Mahesh,

What type of switch is this and what version of IOS are you running?

Regarding radius ports:

Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a corresponding response (Access-Accept or Access-Reject) from the server. The Access-Request packet contains the username, encrypted password, NAS IP address, and port. The early deployment of RADIUS was done using UDP port number 1645, which conflicts with the "datametrics" service. Because of this conflict, RFC 2865 officially assigned port number 1812 for RADIUS. Most Cisco devices and applications offer support for either set of port numbers. The format of the request also provides information about the type of session that the user wants to initiate. For example, if the query is presented in character mode, the inference is "Service-Type = Exec-User," but if the request is presented in PPP packet mode, the inference is "Service Type = Framed User" and "Framed Type = PPP."

Here is the link:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml

HTH

Reza

Hi Reza,

Seems after configuring two lines

radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7

radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7

the switch automatically configures the radius-server source-ports line, as I see the command in the running config.

Switch is 3750 TS -E

Thanks

Mahesh

Hi Mahesh,

Ok, then that is fine and you shouldn't need the:

radius-server source-ports extended command

radius-server source-ports extended

To enable 200 ports in the range from 21645 to 21844 to be used as the source ports for sending out RADIUS requests, use the radius-server source-ports extended command in global configuration mode. To return to the default setting, in which ports 1645 and 1646 are used as the source ports for RADIUS requests, use the no form of this command.

radius-server source-ports extended

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_r1gt.html

HTH

Reza
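
Added example (not part of the original thread and not Cisco code): a small check that derives, from the radius-server lines discussed above, which UDP source ports and server ports the switch should be using, so firewall rules or a packet capture can be compared against the config. The function names, result labels and the sample config (documentation addresses, key omitted) are constructed for illustration.

```python
import re

# Source-port ranges as given in the command reference quoted in the thread.
DEFAULT_SRC = (1645, 1646)        # default when "extended" is not configured
EXTENDED_SRC = (21645, 21844)     # "radius-server source-ports extended"

HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)")
SRC_RE = re.compile(r"^radius-server source-ports (extended|(\d+)-(\d+))\s*$")


def parse_radius(config_text):
    """Return ((src_lo, src_hi), {server_ip: (auth_port, acct_port)})."""
    src, servers = DEFAULT_SRC, {}
    for line in config_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            servers[m.group(1)] = (int(m.group(2)), int(m.group(3)))
            continue
        m = SRC_RE.match(line)
        if m and m.group(1) == "extended":
            src = EXTENDED_SRC
        elif m:
            src = (int(m.group(2)), int(m.group(3)))
    return src, servers


def check_flow(parsed, src_port, dst_ip, dst_port):
    """Classify one UDP flow leaving the switch against the parsed config."""
    (lo, hi), servers = parsed
    if dst_ip not in servers:
        return "unknown-server"
    if dst_port not in servers[dst_ip]:
        return "unexpected-dst-port"
    if not lo <= src_port <= hi:
        return "unexpected-src-port"
    return "ok"


# Constructed sample config: documentation addresses, key omitted.
SAMPLE = """
radius-server host 192.0.2.10 auth-port 1812 acct-port 1646 key 7 <omitted>
radius-server host 192.0.2.11 auth-port 1812 acct-port 1646 key 7 <omitted>
radius-server source-ports 1645-1646
"""

if __name__ == "__main__":
    parsed = parse_radius(SAMPLE)
    for flow in [(1645, "192.0.2.10", 1812), (21650, "192.0.2.10", 1812),
                 (1646, "192.0.2.11", 1813), (1645, "198.51.100.5", 1812)]:
        print(flow, check_flow(parsed, *flow))
```

A flow reported as unexpected-src-port after a change to the extended range usually means the firewall or capture filter still assumes 1645-1646.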


Many thanks Reza for confirming my thought

Regards

Mahesh
