Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
COURSE of the MONTH
14 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
CISCO 3548-XL RADIUS LOGON
Posted on 2013-01-06
Hi,
I have reloaded a Cisco 3548-XL (Software V12.05) and for some reason I cannot get
Radius to Authenticate,
I recieve an authentication failed when using a domain account. All other switches are working without problems on the same Windows IAS Server.
Any help appriciated.
Here is the config.
*****Cisco 3548*****
aaa new-model
aaa group server radius Radius_Servers
server 10.42.7.100
server 10.42.7.110
!
aaa authentication login default group Radius_Servers local
aaa authorization network default group Radius_Servers
aaa authorization auth-proxy default group Radius_Servers
aaa authorization configuration default group Radius_Servers
aaa accounting delay-start
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group Radius_Servers
aaa accounting system default start-stop group Radius_Servers
interface VLAN41
ip address 10.10.0.19 255.255.248.0
ip helper-address 10.42.7.100
ip helper-address 10.42.7.110
ip helper-address 10.42.7.120
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.0.1
ip radius source-interface VLAN41
radius-server host 10.42.7.100 auth-port 1645 acct-port 1646 key 7 *****
radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****
*****AAA DEBUG*****
000088: Jan 6 18:34:42.586 GMT: AAA/AUTHEN/CONT (1524321245): continue_login (u
ser='testuser')
000089: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): status = GETPASS
000090: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): Method=Radius_Servers
(radius)
000091: Jan 6 18:34:42.615 GMT: AAA/AUTHEN (1524321245): status = ERROR
000092: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): port='tty0' list
='' action=LOGIN service=LOGIN
000093: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Restart
000094: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Method=LOCAL
000095: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): User not found, end of
method list
000096: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): status = FAIL
000097: Jan 6 18:34:44.644 GMT: AAA/MEMORY: free_user (0x539B98) user='testuser'
ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
000098: Jan 6 18:34:44.644 GMT: AAA: parse name=tty0 idb type=-1 tty=-1
000099: Jan 6 18:34:44.644 GMT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0 port=0 channel=0
*****IAS SERVER LOG*****
10.10.0.19,testuser,01/06/
I have reloaded a Cisco 3548-XL (Software V12.05) and for some reason I cannot get
Radius to Authenticate,
I recieve an authentication failed when using a domain account. All other switches are working without problems on the same Windows IAS Server.
Any help appriciated.
Here is the config.
*****Cisco 3548*****
aaa new-model
aaa group server radius Radius_Servers
server 10.42.7.100
server 10.42.7.110
!
aaa authentication login default group Radius_Servers local
aaa authorization network default group Radius_Servers
aaa authorization auth-proxy default group Radius_Servers
aaa authorization configuration default group Radius_Servers
aaa accounting delay-start
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group Radius_Servers
aaa accounting system default start-stop group Radius_Servers
interface VLAN41
ip address 10.10.0.19 255.255.248.0
ip helper-address 10.42.7.100
ip helper-address 10.42.7.110
ip helper-address 10.42.7.120
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.0.1
ip radius source-interface VLAN41
radius-server host 10.42.7.100 auth-port 1645 acct-port 1646 key 7 *****
radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****
*****AAA DEBUG*****
000088: Jan 6 18:34:42.586 GMT: AAA/AUTHEN/CONT (1524321245): continue_login (u
ser='testuser')
000089: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): status = GETPASS
000090: Jan 6 18:34:42.586 GMT: AAA/AUTHEN (1524321245): Method=Radius_Servers
(radius)
000091: Jan 6 18:34:42.615 GMT: AAA/AUTHEN (1524321245): status = ERROR
000092: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): port='tty0' list
='' action=LOGIN service=LOGIN
000093: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Restart
000094: Jan 6 18:34:42.615 GMT: AAA/AUTHEN/START (2368066011): Method=LOCAL
000095: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): User not found, end of
method list
000096: Jan 6 18:34:42.618 GMT: AAA/AUTHEN (2368066011): status = FAIL
000097: Jan 6 18:34:44.644 GMT: AAA/MEMORY: free_user (0x539B98) user='testuser'
ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
000098: Jan 6 18:34:44.644 GMT: AAA: parse name=tty0 idb type=-1 tty=-1
000099: Jan 6 18:34:44.644 GMT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0 port=0 channel=0
*****IAS SERVER LOG*****
10.10.0.19,testuser,01/06/
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
3 Comments
while logged in with enable access, I might change the line
aaa authentication login default group Radius_Servers local
to
aaa authentication login default group Radius_Servers
by removing "local", you will only see the radius debug
and then keeping the session open, configure two debugs
debug aaa authentication
debug aaa protocol radius
then retry accessing the device using a different terminal
aaa authentication login default group Radius_Servers local
to
aaa authentication login default group Radius_Servers
by removing "local", you will only see the radius debug
and then keeping the session open, configure two debugs
debug aaa authentication
debug aaa protocol radius
then retry accessing the device using a different terminal
Tried a different terminal.
Still fails to authenticate.
000285: Jan 6 21:26:21.786 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000286: Jan 6 21:26:21.786 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000287: Jan 6 21:26:21.786 GMT: AAA/MEMORY: create_user (0x75DCFC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000288: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): port='tty1' list=
'' action=LOGIN service=LOGIN
000289: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): using "default" l
ist
000290: Jan 6 21:26:21.788 GMT: AAA/AUTHEN/START (607727842): Method=Radius_Ser
vers (radius)
000291: Jan 6 21:26:21.788 GMT: AAA/AUTHEN (607727842): status = GETUSER
000292: Jan 6 21:26:24.790 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='(undef)')
000293: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETUSER
000294: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000295: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETPASS
000296: Jan 6 21:26:28.179 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='kpec01')
000297: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): status = GETPASS
000298: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000299: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (607727842): status = ERROR
000300: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): port='tty1' list
='' action=LOGIN service=LOGIN
000301: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): Restart
000302: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): no methods left
to try
000303: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (3302067662): status = ERROR
000304: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): failed to authen
ticate
000305: Jan 6 21:26:30.243 GMT: AAA/MEMORY: free_user (0x75DCFC) user='testuser'
ruser='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv
=1
000306: Jan 6 21:26:30.245 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000307: Jan 6 21:26:30.245 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000308: Jan 6 21:26:30.245 GMT: AAA/MEMORY: create_user (0x54B1AC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000309: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): port='tty1' list=
'' action=LOGIN service=LOGIN
000310: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): using "default" l
ist
000311: Jan 6 21:26:30.248 GMT: AAA/AUTHEN/START (457875685): Method=Radius_Ser
vers (radius)
000312: Jan 6 21:26:30.248 GMT: AAA/AUTHEN (457875685): status = GETUSER
Still fails to authenticate.
000285: Jan 6 21:26:21.786 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000286: Jan 6 21:26:21.786 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000287: Jan 6 21:26:21.786 GMT: AAA/MEMORY: create_user (0x75DCFC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000288: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): port='tty1' list=
'' action=LOGIN service=LOGIN
000289: Jan 6 21:26:21.786 GMT: AAA/AUTHEN/START (607727842): using "default" l
ist
000290: Jan 6 21:26:21.788 GMT: AAA/AUTHEN/START (607727842): Method=Radius_Ser
vers (radius)
000291: Jan 6 21:26:21.788 GMT: AAA/AUTHEN (607727842): status = GETUSER
000292: Jan 6 21:26:24.790 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='(undef)')
000293: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETUSER
000294: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000295: Jan 6 21:26:24.790 GMT: AAA/AUTHEN (607727842): status = GETPASS
000296: Jan 6 21:26:28.179 GMT: AAA/AUTHEN/CONT (607727842): continue_login (us
er='kpec01')
000297: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): status = GETPASS
000298: Jan 6 21:26:28.179 GMT: AAA/AUTHEN (607727842): Method=Radius_Servers (
radius)
000299: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (607727842): status = ERROR
000300: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): port='tty1' list
='' action=LOGIN service=LOGIN
000301: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): Restart
000302: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): no methods left
to try
000303: Jan 6 21:26:28.216 GMT: AAA/AUTHEN (3302067662): status = ERROR
000304: Jan 6 21:26:28.216 GMT: AAA/AUTHEN/START (3302067662): failed to authen
ticate
000305: Jan 6 21:26:30.243 GMT: AAA/MEMORY: free_user (0x75DCFC) user='testuser'
ruser='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv
=1
000306: Jan 6 21:26:30.245 GMT: AAA: parse name=tty1 idb type=-1 tty=-1
000307: Jan 6 21:26:30.245 GMT: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=1 channel=0
000308: Jan 6 21:26:30.245 GMT: AAA/MEMORY: create_user (0x54B1AC) user='' ruse
r='' port='tty1' rem_addr='10.42.4.120' authen_type=ASCII service=LOGIN priv=1
000309: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): port='tty1' list=
'' action=LOGIN service=LOGIN
000310: Jan 6 21:26:30.245 GMT: AAA/AUTHEN/START (457875685): using "default" l
ist
000311: Jan 6 21:26:30.248 GMT: AAA/AUTHEN/START (457875685): Method=Radius_Ser
vers (radius)
000312: Jan 6 21:26:30.248 GMT: AAA/AUTHEN (457875685): status = GETUSER
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch.
You will need to get the following things to follow this tutorial:
Telnet Scripting Tool e.g. TST10.exe
…
WARNING:
If you follow the instructions here, you will wipe out your VTP and VLAN configurations. Make sure you have backed up your switch!!!
I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you!
In this Micro Tutorial, you'll learn yo…
- Microsoft Applications
- Windows 10
- Windows OS
- Fonts Typography
- Windows 7, Microsoft Word
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month14 days, 9 hours left to enroll
771 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.