jchauncey60
asked on
Radius (NPS) Cisco Nexus 5xxx configuration
Greetings experts...
I have an environment that consists of several Cisco IOS devices and (currently) a single Nexus 5xxx device. Radius is being provided by Windows Server 2008R2. On the IOS devices Radius is authenticating properly but I can't seem to get the settings correct in the Nexus for it to log me in.
Below are the applicable lines from the Nexus configuration. Please let me know what else you might need to help me finish configuring. Thanks in advance.
radius-server host 172.16.43.7 key 7 "Kwvw1sVieds1x" accounting
aaa group server radius radius
use-vrf management
aaa group server radius ADAUTH
server 172.16.43.7
ASKER
naderz,
Thanks for your quick response. I added the 'Vendor Specific' pair you suggested but still it is not working. When I use the 'test' command it returns Status=7, which I can't find much on.
Any other ideas?
[BEGIN]
SOANXS(config)# sh run
!Command: show running-config
!Time: Fri Mar 22 15:48:32 2013
version 5.0(3)N1(1c)
no feature telnet
no telnet server enable
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
....
radius-server host 172.16.43.7 key 7 "Kwvw1sasVieds1x" accounting
aaa group server radius radius
use-vrf management
aaa group server radius ADAUTH
server 172.16.43.7
....
aaa authentication login default group ADAUTH
aaa authentication login console group ADAUTH local
aaa accounting default group ADAUTH
aaa authentication login error-enable
radius-server directed-request
...
line console
line vty
[END]
SOANXS(config)# test aaa server radius 172.16.43.7 <username> <password>
error authenticating to server, status=7
SOANXS(config)# ping 172.16.43.7
PING 172.16.43.7 (172.16.43.7): 56 data bytes
64 bytes from 172.16.43.7: icmp_seq=0 ttl=127 time=5.057 ms
64 bytes from 172.16.43.7: icmp_seq=1 ttl=127 time=1.044 ms
64 bytes from 172.16.43.7: icmp_seq=2 ttl=127 time=0.882 ms
64 bytes from 172.16.43.7: icmp_seq=3 ttl=127 time=0.958 ms
64 bytes from 172.16.43.7: icmp_seq=4 ttl=127 time=0.954 ms
--- 172.16.43.7 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.882/1.778/5.057 ms
Well, Status=7 means the user name and password used are not recognized by the Radius server.
Would you post the "show radius all" and "show aaa all" command outputs? Please scrub the username/passwords (or, use fake ones) before posting.
ASKER
Thanks for your assistance. The commands you asked for were not supported; hopefully this is what you need.
show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:Vlan643
total number of servers:1
following RADIUS servers are configured:
172.16.43.7:
available for accounting on port:1813
RADIUS shared secret:********
show aaa authe
default: group ADAUTH
console: group ADAUTH local
sh aaa groups
radius
ADAUTH
ASKER
Quick response and helpful!
You need to configure the following attribute in your RADIUS server:
cisco-av-pair=shell:roles=