02-04-2013 11:38 AM - edited 03-07-2019 11:30 AM
Hi everyone,
I am configuring a new switch and I checked that the old switch had these commands:
radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7
radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7
radius-server source-ports 1645-1646
This switch does not have an option for the radius-server source-ports command:
Switch(config)#radius-server ?
  attribute           Customize selected radius attributes
  authorization       Authorization processing information
  cache               AAA auth cache default server group
  challenge-noecho    Data echoing to screen is disabled during
                      Access-Challenge
  configure-nas       Attempt to upload static routes and IP pools at startup
  dead-criteria       Set the criteria used to decide when a radius server is
                      marked dead
  deadtime            Time to stop using a server that doesn't respond
  directed-request    Allow user to specify radius server to use with `@server'
  domain-stripping    Strip the domain from the username
  host                Specify a RADIUS server
  key                 encryption key shared with the radius servers
  optional-passwords  The first RADIUS request can be made without requesting a
                      password
  retransmit          Specify the number of retries to active server
  retry               Specify how the next packet is sent after timeout.
  timeout             Time to wait for a RADIUS server to reply
  transaction         Specify per-transaction parameters
  unique-ident        Higher order bits of Acct-Session-Id
  vsa                 Vendor specific attribute configuration
Switch(config)#radius-server
My question is: do I really need the source-ports command, and what is the use of it?
Thanks
Mahesh
02-04-2013 01:26 PM
Hi Mahesh,
What type of switch is this and what version of IOS are you running?
Regarding radius ports:
Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a corresponding response (Access-Accept or Access-Reject) from the server. The Access-Request packet contains the username, encrypted password, NAS IP address, and port. The early deployment of RADIUS was done using UDP port number 1645, which conflicts with the "datametrics" service. Because of this conflict, RFC 2865 officially assigned port number 1812 for RADIUS. Most Cisco devices and applications offer support for either set of port numbers. The format of the request also provides information about the type of session that the user wants to initiate. For example, if the query is presented in character mode, the inference is "Service-Type = Exec-User," but if the request is presented in PPP packet mode, the inference is "Service Type = Framed User" and "Framed Type = PPP."
Here is the link:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml
HTH
Reza
02-04-2013 01:38 PM
Hi Reza,
It seems that after configuring the two lines
radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7
radius-server host x.x.x.x auth-port 1812 acct-port 1646 key 7
the switch automatically configures the line radius server source-port, as I see the command in the running config.
The switch is a 3750 TS -E
Thanks
Mahesh
02-04-2013 01:51 PM
Hi Mahesh,
Ok, then that is fine and you shouldn't need the:
radius-server source-ports extended command
To enable 200 ports in the range from 21645 to 21844 to be used as the source ports for sending out RADIUS requests, use the radius-server source-ports extended command in global configuration mode. To return to the default setting, in which ports 1645 and 1646 are used as the source ports for RADIUS requests, use the no form of this command.
radius-server source-ports extended
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_r1gt.html
HTH
Reza
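An added example, not part of the original thread or of Cisco's documentation: a Python check that reads radius-server lines like the ones posted above and reports which port family each server entry uses and which UDP source-port range the switch sends from, which is what an ACL or firewall rule between switch and RADIUS server has to permit. The helper names (family, audit) and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re

LEGACY = {"auth": 1645, "acct": 1646}   # early-deployment ports; IOS defaults when omitted
RFC = {"auth": 1812, "acct": 1813}      # RFC 2865 / RFC 2866 assignments
HOST_RE = re.compile(r"radius-server host (\S+)(?: auth-port (\d+))?(?: acct-port (\d+))?")

def family(role, port):
    """Name the port family a configured auth/acct port belongs to."""
    if port == RFC[role]:
        return "rfc"
    return "legacy" if port == LEGACY[role] else "custom"

def audit(config):
    """Return the RADIUS flows a config produces plus items to verify."""
    src = (1645, 1646)                  # default source ports (inclusive range)
    hosts, findings = [], []
    for line in map(str.strip, config.splitlines()):
        if line == "radius-server source-ports extended":
            src = (21645, 21844)        # the 200-port extended range
        m = HOST_RE.match(line)
        if not m:
            continue
        auth = int(m.group(2) or LEGACY["auth"])
        acct = int(m.group(3) or LEGACY["acct"])
        fams = (family("auth", auth), family("acct", acct))
        hosts.append({"host": m.group(1), "auth": auth, "acct": acct, "families": fams})
        if fams[0] != fams[1]:
            findings.append(
                f"{m.group(1)}: auth-port {auth} is {fams[0]} but acct-port {acct} "
                f"is {fams[1]}; confirm the server listens on both")
    flows = [(src, h["host"], h[role]) for h in hosts for role in ("auth", "acct")]
    return {"source_ports": src, "hosts": hosts, "flows": flows, "findings": findings}

# Constructed sample modelled on the thread's lines (TEST-NET-1 address, key elided).
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1646 key 7 <elided>
radius-server source-ports 1645-1646
"""

if __name__ == "__main__":
    result = audit(SAMPLE)
    for (lo, hi), host, dport in result["flows"]:
        print(f"permit udp src {lo}-{hi} -> {host}:{dport}")
    for finding in result["findings"]:
        print("verify:", finding)
```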
02-04-2013 02:47 PM
Many thanks Reza for confirming my thought
Regards
Mahesh