12-28-2006 04:56 AM - edited 07-03-2021 01:25 PM
Hello there,
Could someone tell me how this works?
aaa group server radius infrastructure
server 10.236.0.163 auth-port 1645 acct-port 1646
server 10.238.2.8 auth-port 1812 acct-port 1813
10.236.0.163 is my ACS
10.238.2.8 is my AP root bridge
My doubt is: why are they using different ports, and why, when I scanned 10.238.2.8, don't I see any port open?
Kind regards
12-28-2006 09:53 AM
Ports 1645 & 1646 and ports 1812 and 1813 are all valid RADIUS ports.
1645 and 1812 are authentication / authorization ports
1646 and 1813 are accounting ports (who's on, how long, what did they do)
The two servers may be using the different port ranges to split the load, offer more authentication / accounting options ... no telling why, but it appears to be valid.
Scanning the AP/root bridge would have the same effect as scanning a switch (or a chunk of wire) ... it's only infrastructure.
If anything, you'd scan 10.238.2.8 (the ACS server) or one of the RADIUS boxes; they are platforms and would have the open ports.
An AP or bridge is a Layer 2 device (at best) and doesn't know anything about Layer 3 ports.
Good Luck
Scott
12-29-2006 12:30 PM
Hi,
ACS default Auth/Acct ports for RADIUS are 1645/1646.
Aironet AP running IOS that supports "Local RADIUS" default Auth/Acct ports are 1812/1813.
My guess is that your AP was configured (at least partially) to support LEAP authentication of 'infrastructure' devices (e.g. AP's in a WDS infrastructure). Hence the server group named "infrastructure" and the configuration of the AP itself as a RADIUS Server.
The full configuration of the AP and details of your infrastructure might help.
Thanks,
Ben
01-02-2007 04:48 AM
Hi,
The original RFC for RADIUS issued ports 1645/1646, which conflicted with the "datametrics" service. Because of this, RFC 2865 officially assigned port numbers 1812/1813 for RADIUS.
So, what you have here is simply two radius servers (probably for redundancy) listening on different ports.
The following tech note has more detail:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml
HTH
Andrew.
08-30-2007 12:14 PM
RADIUS works via UDP. Most port scanners only handle TCP.
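Added example, not code from any poster in this thread: a minimal RFC 2865 Access-Request encoder and parser that shows what actually travels over UDP on 1645/1812, how the User-Password attribute is hidden with the shared secret, and how a client verifies the Response Authenticator on the reply so that a spoofed or mis-addressed answer is not mistaken for a real Access-Accept. The `probe` function sends one such request with a timeout, which is the kind of application-layer check needed where a TCP-only scanner reports nothing. The host, shared secret, user name and password values are constructed placeholders for a server you administer; only the port pairs come from the thread.

```python
import hashlib
import hmac
import os
import socket
import struct

# RADIUS packet codes (RFC 2865) and the two UDP port pairs from the thread
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
RADIUS_PORTS = {"legacy": (1645, 1646), "rfc2865": (1812, 1813)}  # (auth, acct)


def _attr(attr_type, value):
    # Attribute TLV: Type(1) Length(1, includes this header) Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: NUL-pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous block); the Request Authenticator seeds block 0."""
    padded = password.ljust(16 * max(1, (len(password) + 15) // 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(hidden, secret, request_auth):
    """Inverse of hide_password (what the server does before checking it)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, key)), block
    return out.rstrip(b"\x00")


def build_access_request(ident, username, password, secret, request_auth=None):
    """Layout: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes..."""
    request_auth = request_auth or os.urandom(16)  # must be unpredictable
    attrs = _attr(ATTR_USER_NAME, username) + _attr(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs


def parse_packet(data):
    """Return (code, ident, length, authenticator, {type: [values]}); rejects bad TLVs."""
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad attribute length")
        t, l = data[pos], data[pos + 1]
        attrs.setdefault(t, []).append(data[pos + 2:pos + l])
        pos += l
    return code, ident, length, data[4:20], attrs


def verify_response(data, request_auth, secret):
    """Client-side check: a reply whose Response Authenticator does not match our
    Request Authenticator and the shared secret is spoofed, stale or mis-addressed."""
    code, ident, length, auth, _ = parse_packet(data)
    header = struct.pack("!BBH", code, ident, length)
    expected = hashlib.md5(header + request_auth + data[20:length] + secret).digest()
    return hmac.compare_digest(auth, expected)


def probe(host, port, username, password, secret, timeout=2.0):
    """Send one Access-Request over UDP and wait. None means silence, which is
    all a TCP-only scanner could ever report for a RADIUS port; otherwise the
    reply code is returned, or 'forged' when the authenticator does not verify."""
    request_auth = os.urandom(16)
    pkt = build_access_request(1, username, password, secret, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    if not verify_response(data, request_auth, secret):
        return "forged"
    return parse_packet(data)[0]
```

Usage against a server you run would be `probe("10.236.0.163", RADIUS_PORTS["legacy"][0], b"alice", b"pa55word", b"<shared secret>")`; a return of `2` is Access-Accept, `3` Access-Reject, `None` no answer within the timeout, and `"forged"` a datagram that arrived but was not produced with the shared secret. The authenticator check is the part worth keeping in any monitoring script: without it, anything that answers on the UDP port looks like a working RADIUS server.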