  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1289

Nexus 5010 AAA Radius Authentication Issue

I am able to ping the radius server 172.20.xx.10 from the vrf management interface which is on a different subnet.  However, when I try to authenticate I simply get AAA servers unreachable. Please look at code and advise. I have a 2008 r2 server with NPS running for the Radius and all my other switches are working fine off of it. Been scratching my head on this one. Thanks. --Rob.

 
STP-C5010-01# sh run
version 4.1(3)N2(1)
no feature telnet
no telnet server enable
feature interface-vlan

role name default-role
  description This is a system defined role and applies to all users.
  rule 5 permit show feature environment
  rule 4 permit show feature hardware
  rule 3 permit show feature module
  rule 2 permit show feature snmp
  rule 1 permit show feature system
username admin password 5 $1$7e6okdrX$HKYXI6FbU5RyLZRpgpUr.0  role network-admi
ssh key rsa 2048
ip host STP-C5010-01 172.20.68.1
radius-server host 172.20.xx.10 key 7 "xxx" authentication accounting
aaa group server radius useRadius
    server 172.20.xx.10
    use-vrf management
switchname STP-C5010-01
snmp-server user admin network-admin auth md5 0x0372c0bb76f8b6b8ab016ee85049e11 priv 0x0372c0bb76f8b6b8ab016ee85049e11b localizedkey
snmp-server host 172.20.xx.238 traps version 1 xxx
ntp server 132.148.x.253 use-vrf management
aaa authentication login default group useRadius
aaa authentication login error-enable
radius-server directed-request

vrf context management
  ip route 0.0.0.0/0 172.20.68.250
vlan 1,68

interface Vlan1

interface Vlan68
  no shutdown
  ip address 172.20.xx.10/24

interface Ethernet1/1
  speed 1000

interface Ethernet1/2

interface Ethernet1/3

interface Ethernet1/4

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8
  switchport access vlan 68
  speed 1000

interface Ethernet1/9

interface Ethernet1/10

interface Ethernet1/11

interface Ethernet1/12

interface Ethernet1/13

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

interface Ethernet1/17

interface Ethernet1/18

interface Ethernet1/19

interface Ethernet1/20

interface mgmt0
  vrf member management
  ip address 172.20.xx.1/24
clock timezone CST -6 0
line console
boot kickstart bootflash:/n5000-uk9-kickstart.4.1.3.N2.1.bin
boot system bootflash:/n5000-uk9.4.1.3.N2.1.bin
ip route 0.0.0.0/0 172.20.xx.250

Asked by: rclaxton1
 
rclaxton1 (Author) Commented:
I again answered my own question. After looking at the logs in the NPS server I'm getting authentication errors and the Nexus device is communicating w/ config above. However, the error message "unable to communicate with AAA servers" on the Nexus is just...false. Maybe this is fixed in a later code version in Nexus, but it put me in a four-hour problem-solving detour. Please close this question. --Rob.