Mongo Peck
asked on
CISCO 3548-XL RADIUS LOGON
Hi,
I have reloaded a Cisco 3548-XL (Software V12.05) and for some reason I cannot get
Radius to Authenticate,
I recieve an authentication failed when using a domain account. All other switches are working without problems on the same Windows IAS Server.
Any help appriciated.
Here is the config.
*****Cisco 3548*****
aaa new-model
aaa group server radius Radius_Servers
server 10.42.7.100
server 10.42.7.110
!
aaa authentication login default group Radius_Servers local
aaa authorization network default group Radius_Servers
aaa authorization auth-proxy default group Radius_Servers
aaa authorization configuration default group Radius_Servers
aaa accounting delay-start
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group Radius_Servers
aaa accounting system default start-stop group Radius_Servers
interface VLAN41
ip address 10.10.0.19 255.255.248.0
ip helper-address 10.42.7.100
ip helper-address 10.42.7.110
ip helper-address 10.42.7.120
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.0.1
ip radius source-interface VLAN41
radius-server host 10.42.7.100 auth-port 1645 acct-port 1646 key 7 *****
radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****
*****AAA DEBUG*****
000088: Jan 6 18:34:42.586 GMT: AAA/AUTHEN/CONT (1524321245): continue_login (u
ser='testuser')
000089: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): status = GETPASS
000090: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): Method=Radius_Servers
(radius)
000091: Jan 6 18:34:42.615 GMT: AAA/AUTHEN (1524321245): status = ERROR
000092: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): port='tty0' list
='' action=LOGIN service=LOGIN
000093: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Restart
000094: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Method=LOCAL
000095: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): User not found, end of
method list
000096: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): status = FAIL
000097: Jan 6 18:34:44.644 GMT: AAA/MEMORY: free_user (0x539B98) user='testuser'
ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
000098: Jan 6 18:34:44.644 GMT: AAA: parse name=tty0 idb type=-1 tty=-1
000099: Jan 6 18:34:44.644 GMT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0 port=0 channel=0
*****IAS SERVER LOG*****
10.10.0.19,testuser,01/06/
I have reloaded a Cisco 3548-XL (Software V12.05) and for some reason I cannot get
Radius to Authenticate,
I recieve an authentication failed when using a domain account. All other switches are working without problems on the same Windows IAS Server.
Any help appriciated.
Here is the config.
*****Cisco 3548*****
aaa new-model
aaa group server radius Radius_Servers
server 10.42.7.100
server 10.42.7.110
!
aaa authentication login default group Radius_Servers local
aaa authorization network default group Radius_Servers
aaa authorization auth-proxy default group Radius_Servers
aaa authorization configuration default group Radius_Servers
aaa accounting delay-start
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group Radius_Servers
aaa accounting system default start-stop group Radius_Servers
interface VLAN41
ip address 10.10.0.19 255.255.248.0
ip helper-address 10.42.7.100
ip helper-address 10.42.7.110
ip helper-address 10.42.7.120
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.0.1
ip radius source-interface VLAN41
radius-server host 10.42.7.100 auth-port 1645 acct-port 1646 key 7 *****
radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****
*****AAA DEBUG*****
000088: Jan 6 18:34:42.586 GMT: AAA/AUTHEN/CONT (1524321245): continue_login (u
ser='testuser')
000089: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): status = GETPASS
000090: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): Method=Radius_Servers
(radius)
000091: Jan 6 18:34:42.615 GMT: AAA/AUTHEN (1524321245): status = ERROR
000092: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): port='tty0' list
='' action=LOGIN service=LOGIN
000093: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Restart
000094: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Method=LOCAL
000095: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): User not found, end of
method list
000096: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): status = FAIL
000097: Jan 6 18:34:44.644 GMT: AAA/MEMORY: free_user (0x539B98) user='testuser'
ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
000098: Jan 6 18:34:44.644 GMT: AAA: parse name=tty0 idb type=-1 tty=-1
000099: Jan 6 18:34:44.644 GMT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0 port=0 channel=0
*****IAS SERVER LOG*****
10.10.0.19,testuser,01/06/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would recheck that the IP address of the switch is in IAS as a RADIUS client, then recheck the shared secret
ASKER
Still fails to authenticate.
000285: Jan 6 21:26:21.786 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000286: Jan 6 21:26:21.786 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000287: Jan 6 21:26:21.786 GMT: AAA/MEMORY: create_user (0x75DCFC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000288: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): port='tty1' list=
'' action=LOGIN service=LOGIN
000289: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): using "default" l
ist
000290: Jan 6 21:26:21.788 GMT: AAA/AUTHEN/START (607727842): Method=Radius_Ser
vers (radius)
000291: Jan 6 21:26:21.788 GMT: AAA/AUTHEN (607727842): status = GETUSER
000292: Jan 6 21:26:24.790 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='(undef)')
000293: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETUSER
000294: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000295: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETPASS
000296: Jan 6 21:26:28.179 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='kpec01')
000297: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): status = GETPASS
000298: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000299: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (607727842): status = ERROR
000300: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): port='tty1' list
='' action=LOGIN service=LOGIN
000301: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): Restart
000302: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): no methods left
to try
000303: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (3302067662): status = ERROR
000304: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): failed to authen
ticate
000305: Jan 6 21:26:30.243 GMT: AAA/MEMORY: free_user (0x75DCFC) user='testuser'
ruser='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv
=1
000306: Jan 6 21:26:30.245 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000307: Jan 6 21:26:30.245 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000308: Jan 6 21:26:30.245 GMT: AAA/MEMORY: create_user (0x54B1AC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000309: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): port='tty1' list=
'' action=LOGIN service=LOGIN
000310: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): using "default" l
ist
000311: Jan 6 21:26:30.248 GMT: AAA/AUTHEN/START (457875685): Method=Radius_Ser
vers (radius)
000312: Jan 6 21:26:30.248 GMT: AAA/AUTHEN (457875685): status = GETUSER