fofanah78
Radius setup on a Cisco Switch with Server 2012
I'm trying to set up RADIUS on a Cisco switch with Windows Server 2012. I followed the instructions from the website below for my setup. I'm getting an authentication failed error. Can someone please tell me what I'm doing wrong? I attached my config file.
http://www.ipbalance.com/security/radius/1165-windows-server-2012-as-radius-for-cisco-router-a-switch.html
Radius-Setup.txt
ASKER
% Authentication failed
3560#sh aaa servers
RADIUS: id 1, priority 1, host 172.25.5.224, auth-port 1812, acct-port 1813
State: current UP, duration 408133s, previous duration 0s
Dead: total time 0s, count 0
Authen: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Author: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Account: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Elapsed time since counters last cleared: 8w2d22h44m
From cli,
test aaa group radius username password
might have to add keyword legacy at the end, depends on your IOS version.
test aaa group radius username password legacy
ASKER
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.
I'm on code 12.2
Just noticed. under vty config - what is "devices"?
If you configured ASAadmins, it should be ASAadmins.
line vty 0 4
exec-timeout 15 0
authorization exec ASAadmins
logging synchronous
login authentication ASAadmins
length 0
transport input telnet
But you don't really need these commands because you are using "default" so your aaa config applies to all lines.
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.
Have to look on the server log files why it was rejected - bad username/pw?
Or do debug radius authentication.
ASKER
AAA: Warning authentication list "ASAadmins" is not defined for LOGIN.
Got that error on line vty. Please help.
ASKER
username netadmin privilege 15 secret 5
aaa new-model
aaa group server radius ASAadmins
server-private 172.25.5.224 auth-port 1812 acct-port 1813 key 7
!
aaa authentication login default group ASAadmins local
aaa authorization exec default group ASAadmins if-authenticated
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
exec-timeout 15 0
password 7
logging synchronous
login authentication ASAadmins
line vty 0 4
exec-timeout 15 0
password 7
logging synchronous
login authentication ASAadmins
length 0
transport input telnet
line vty 5 15
exec-timeout 15 0
password 7
logging synchronous
login authentication ASAadmins
length 0
transport input telnet
!
!
This is the debug command after I configured the device
Nov 28 15:36:29.476: AAA: parse name=tty2 idb type=-1 tty=-1
Nov 28 15:36:29.476: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Nov 28 15:36:29.476: AAA/MEMORY: create_user (0x26FD6F0) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='172.31.6.151' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Nov 28 15:36:29.476: AAA/AUTHEN/START (3332495888): port='tty2' list='ASAadmins' action=LOGIN service=LOGIN
Nov 28 15:36:29.476: AAA/AUTHEN/START (3332495888): using "default" list
Nov 28 15:36:29.476: AAA/AUTHEN/START (3332495888): Method=ASAadmins (radius)
Nov 28 15:36:29.476: AAA/AUTHEN (3332495888): status = GETUSER
3560#
Nov 28 15:36:34.467: AAA/AUTHEN/CONT (3332495888): continue_login (user='(undef)')
Nov 28 15:36:34.467: AAA/AUTHEN (3332495888): status = GETUSER
Nov 28 15:36:34.467: AAA/AUTHEN (3332495888): Method=ASAadmins (radius)
Nov 28 15:36:34.467: AAA/AUTHEN (3332495888): status = GETPASS
3560#
Nov 28 15:36:39.391: AAA/AUTHEN/CONT (3332495888): continue_login (user='yusifu.admin')
Nov 28 15:36:39.391: AAA/AUTHEN (3332495888): status = GETPASS
Nov 28 15:36:39.391: AAA/AUTHEN (3332495888): Method=ASAadmins (radius)
Nov 28 15:36:39.391: RADIUS: Pick NAS IP for u=0x26FD6F0 tableid=0 cfg_addr=0.0.0.0
Nov 28 15:36:39.391: RADIUS: ustruct sharecount=1
Nov 28 15:36:39.391: Radius: radius_port_info() success=1 radius_nas_port=1
Nov 28 15:36:39.391: RADIUS(00000000): Send Access-Request to 172.25.5.224:1812 id 1645/8, len 84
Nov 28 15:36:39.391: RADIUS: authenticator 9F 04 2D 9B AA 79 C4 B4 - 5D C9 39 82 28 FF B6 7F
Nov 28 15:36:39.391: RADIUS: NAS-IP-Address [4] 6 172.31.1.8
Nov 28 15:36:39.391: RADIUS: NAS-Port [5] 6 2
Nov 28 15:36:39.391: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Nov 28 15:36:39.391: RADIUS: User-Name [1] 14 "yusifu.admin"
Nov 28 15:36:39.391: RADIUS: Calling-Station-Id [31] 14 "172.31.6.151"
Nov 28 15:36:39.391: RADIUS: User-Password [2] 18 *
Nov 28 15:36:39.391: RADIUS: Received from id 1645/8 172.25.5.224:1812, Access-Reject, len 20
Nov 28 15:36:39.400: RADIUS: authenticator B0 8E FD 1A D9 9F 8C 31 - 55 AB 9F 8E 08 25 EB A1
3560#
Nov 28 15:36:39.400: RADIUS: saved authorization data for user 26FD6F0 at 0
Nov 28 15:36:39.400: AAA/AUTHEN (3332495888): status = FAIL
3560#
Nov 28 15:36:41.405: AAA/AUTHEN/ABORT: (3332495888) because Unknown.
Nov 28 15:36:41.405: AAA/MEMORY: free_user_quiet (0x26FD6F0) user='yusifu.admin' ruser='NULL' port='tty2' rem_addr='172.31.6.151' authen_type=1 service=1 priv=1
Nov 28 15:36:41.405: AAA: parse name=tty2 idb type=-1 tty=-1
Nov 28 15:36:41.405: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Nov 28 15:36:41.405: AAA/MEMORY: create_user (0x265A670) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='172.31.6.151' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
3560#
Nov 28 15:36:41.405: AAA/AUTHEN/START (1655026052): port='tty2' list='ASAadmins' action=LOGIN service=LOGIN
Nov 28 15:36:41.405: AAA/AUTHEN/START (1655026052): using "default" list
Nov 28 15:36:41.405: AAA/AUTHEN/START (1655026052): Method=ASAadmins (radius)
Nov 28 15:36:41.405: AAA/AUTHEN (1655026052): status = GETUSER
3560#
Your RADIUS server is rejecting your login. Look in the server logs why. The switch is just passing your username/pw to the server.
ASKER
@ SIM50
I checked the logs in C:\Windows\System32\LogFiles and didn't find anything. Also Event Viewer Security Audits, no luck. Do you know where else to check for these RADIUS failed logins in Windows Server 2012?
ASKER
I'm still not getting any logs to the server. Can you please look at this config again?
username Admin privilege 15 secret 5 $1
aaa new-model
!
!
aaa group server radius ASAadmins
server-private 172.25.5.224 auth-port 1812 acct-port 1813 key 7 03
aaa authentication login default group ASAadmins local
aaa authorization console
aaa authorization exec default group ASAadmins local if-authenticated
ip radius source-interface Vlan997
ip sla 1
icmp-echo 8.8.8.8 source-ip 172.31.
frequency 30
line con 0
exec-timeout 15 0
privilege level 15
password 7 03374
logging synchronous
login authentication ASAadmins
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 15 0
password 7 081
logging synchronous
login authentication ASAadmins
transport input ssh
line vty 5 15
exec-timeout 15 0
password 7 081
logging synchronous
login authentication ASAadmins
transport input ssh
ASKER
I tried a different switch same issue.
HELP!!!!!
.Nov 30 11:51:16.914: RADIUS: NAS-IP-Address [4] 6 172.31.1.1
.Nov 30 11:51:16.914: RADIUS(0000100A): Sending a IPv4 Radius Packet
.Nov 30 11:51:16.914: RADIUS(0000100A): Started 5 sec timeout
.Nov 30 11:51:17.842: RADIUS/ENCODE(0000100B): ask "Password: "
.Nov 30 11:51:17.842: RADIUS/ENCODE(0000100B): send packet; GET_PASSWORD
.Nov 30 11:51:17.842: RADIUS/ENCODE(0000100B):Orig. component type = Exec
.Nov 30 11:51:17.843: RADIUS/ENCODE(0000100B): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
.Nov 30 11:51:17.843: RADIUS(0000100B): Config NAS IP: 172.31.1.1
.Nov 30 11:51:17.843: RADIUS(0000100B): Config NAS IPv6: ::
.Nov 30 11:51:17.843: RADIUS/ENCODE(0000100B): acct_session_id: 4010
.Nov 30 11:51:17.843: RADIUS(0000100B): sending
.Nov 30 11:51:17.843: RADIUS(0000100B): Send Access-Request to 172.25.5.224:1812 id 1645/10, len 88
.Nov 30 11:51:17.843: RADIUS: authenticator C9 9D 8F 95 30 CE 39 CC - 44 14 59 F7 B6 33 7A 45
.Nov 30 11:51:17.843: RADIUS: User-Name [1] 14 "yusifu.admin"
.Nov 30 11:51:17.843: RADIUS: Reply-Message [18] 12
.Nov 30 11:51:17.843: RADIUS: 50 61 73 73 77 6F 72 64 3A 20 [ Password: ]
.Nov 30 11:51:17.844: RADIUS: User-Password [2] 18 *
.Nov 30 11:51:17.844: RADIUS: NAS-Port [5] 6
.Nov 30 11:51:17.844: RADIUS: NAS-Port-Id [87] 6 "tty3"
.Nov 30 11:51:17.844: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
.Nov 30 11:51:17.844: RADIUS: NAS-IP-Address [4] 6 172.31.1.1
.Nov 30 11:51:17.844: RADIUS(0000100B): Sending a IPv4 Radius Packet
.Nov 30 11:51:17.844: RADIUS(0000100B): Started 5 sec timeout
.Nov 30 11:51:21.965: RADIUS(0000100A): Request timed out!
.Nov 30 11:51:21.965: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:21.966: RADIUS(0000100A): Started 5 sec timeout
.Nov 30 11:51:22.884: RADIUS(0000100B): Request timed out!
.Nov 30 11:51:22.885: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:22.885: RADIUS(0000100B): Started 5 sec timeout
.Nov 30 11:51:27.004: RADIUS(0000100A): Request timed out!
.Nov 30 11:51:27.004: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:27.004: RADIUS(0000100A): Started 5 sec timeout
.Nov 30 11:51:27.924: RADIUS(0000100B): Request timed out!
.Nov 30 11:51:27.925: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:27.925: RADIUS(0000100B): Started 5 sec timeout
.Nov 30 11:51:32.044: RADIUS(0000100A): Request timed out!
.Nov 30 11:51:32.044: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:32.045: RADIUS(0000100A): Started 5 sec timeout
.Nov 30 11:51:32.964: RADIUS(0000100B): Request timed out!
.Nov 30 11:51:32.964: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:32.964: RADIUS(0000100B): Started 5 sec timeout
mcfi-baker-core-3650#
.Nov 30 11:51:37.084: RADIUS(0000100A): Request timed out!
.Nov 30 11:51:37.084: RADIUS: No response from (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:37.085: RADIUS/DECODE: No response from radius-server; parse response; FAIL
.Nov 30 11:51:37.085: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
.Nov 30 11:51:38.004: RADIUS(0000100B): Request timed out!
.Nov 30 11:51:38.005: RADIUS: No response from (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:38.005: RADIUS/DECODE: No response from radius-server; parse response; FAIL
.Nov 30 11:51:38.005: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
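Added example, not part of the original thread: a small Python parser that tells the two failure modes in the debug captures above apart, an Access-Reject that the server actually sent versus requests that time out with no reply. The sample lines are excerpted from the posts in this thread; the function name, field names and hint texts are assumptions made for this illustration.

```python
import re

# Patterns for the IOS "debug radius" lines that carry a request's fate.
# IOS prints each request as "id <source-port>/<identifier>", e.g. "id 1645/10".
SEND = re.compile(r"Send Access-Request to ([\d.]+):(\d+) id (\d+)/(\d+)")
RECV = re.compile(r"Received from id (\d+)/(\d+) ([\d.]+):(\d+), (Access-\w+)")
RETX = re.compile(r"Retransmit to \(([\d.]+):(\d+),\d+\) for id (\d+)/(\d+)")
DEAD = re.compile(r"No response from \(([\d.]+):(\d+),\d+\) for id (\d+)/(\d+)")

HINTS = {  # hypothetical wording, based on the checks raised in the thread
    "Access-Reject": "server answered and refused: read the RADIUS server's own log",
    "Access-Accept": "authentication succeeded",
    "no-response": "nothing came back: check ACL/firewall, RADIUS client entry, UDP ports",
    "pending": "request sent, capture ends before any outcome",
}

# Sample input: lines excerpted from the two debug captures posted in this thread.
SAMPLE = """\
Nov 28 15:36:39.391: RADIUS(00000000): Send Access-Request to 172.25.5.224:1812 id 1645/8, len 84
Nov 28 15:36:39.391: RADIUS: Received from id 1645/8 172.25.5.224:1812, Access-Reject, len 20
.Nov 30 11:51:17.843: RADIUS(0000100B): Send Access-Request to 172.25.5.224:1812 id 1645/10, len 88
.Nov 30 11:51:21.965: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:22.885: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:27.004: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:27.925: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:32.044: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:32.964: RADIUS: Retransmit to (172.25.5.224:1812,1813) for id 1645/10
.Nov 30 11:51:37.084: RADIUS: No response from (172.25.5.224:1812,1813) for id 1645/9
.Nov 30 11:51:38.005: RADIUS: No response from (172.25.5.224:1812,1813) for id 1645/10
"""

def summarize(debug_text):
    """Return one record per RADIUS request seen in the debug text."""
    reqs = {}  # (source port, identifier) -> record, in order of first sighting

    def rec(server, dport, sport, ident):
        # setdefault also covers requests whose "Send" line fell outside the
        # capture (id 1645/9 in the sample is first seen as a retransmit).
        return reqs.setdefault((sport, ident), {
            "server": server, "dst_port": int(dport), "src_port": int(sport),
            "id": int(ident), "retransmits": 0, "outcome": "pending"})

    for line in debug_text.splitlines():
        if m := SEND.search(line):
            rec(*m.groups())
        elif m := RECV.search(line):
            sport, ident, server, dport, code = m.groups()
            rec(server, dport, sport, ident)["outcome"] = code
        elif m := RETX.search(line):
            rec(*m.groups())["retransmits"] += 1
        elif m := DEAD.search(line):
            rec(*m.groups())["outcome"] = "no-response"
    for r in reqs.values():
        r["hint"] = HINTS.get(r["outcome"], "unexpected reply code")
    return list(reqs.values())

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f'{r["server"]}:{r["dst_port"]} src {r["src_port"]} id {r["id"]} '
              f'retx={r["retransmits"]} {r["outcome"]} -> {r["hint"]}')
```

The `src_port` field shows the UDP source port the switch used (1645 in both captures), which is the value set by the `radius-server source-ports 1645-1646` line in the posted config.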
ASKER
Do you think there is an ACL list that's blocking the switch to the RADIUS server?
Did you set up this new switch in RADIUS?
ASKER
Yes Sir
Can you ping the server? Open telnet to 1812?
ASKER
I can ping it just fine.
ASKER
I tried to set up RADIUS with my ASA, same problem. I turned off all the firewall on the server.
ASAVPN.PNG
Open telnet to 1812?
ASKER
Yes I did
You should get logs at the server...
Check if logging for "permit" and "deny" is enabled.
On Windows Server the logs are within the Application event log.
ASKER CERTIFIED SOLUTION
no radius-server source-ports 1645-1646