3650 Radius Configuration
Have a new 3650 configured from scratch, I'm trying to get ssh/radius authentication setup. I went through a guide to setup on switch, I have several others that are working so i know the server is setup correctly, but when i try to use it on the switch, SSh works, and i can log in with local creds, but AD creds don't work. Thinking I'm missing something. was hoping someone could take a look over my config and see if anything stands out.. Thanks
3650_scrub.txt
3650_scrub.txt
ASKER
i have 15 other switches setup the same way that work. attached is code of one that works see if anything jumps out
usually we just enter ad username/pass. Don't need upn
3650_scrub.txt
usually we just enter ad username/pass. Don't need upn
3650_scrub.txt
What happens on the switch when you test radius auth. Double check whether the sw new switch is setup as a client on radius?
Which port is your radius server on, the one that works does not specify auth/acct ports while the instigator does not points to the newer 1812/1813 ports. Suggesting perhaps that the default might be running on 1645/1646 ....
Remove on the new the added auth-port 1812 acct-port 1813 and see
Radius-server.....
Your http authentication on the new is set to local only ....
Still double check that this switch is configured as a client on the radius box.
Remove on the new the added auth-port 1812 acct-port 1813 and see
Radius-server.....
Your http authentication on the new is set to local only ....
Still double check that this switch is configured as a client on the radius box.
ASKER
the switch is set as client, see attached, also see attached for the port config
Capture.PNG
Capture3.PNG
Capture.PNG
Capture3.PNG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
how do i remove it, i tried to do a no statement to that line but it didn't work
Try switching them to 1645/1646 respectively and see if that gets it to work.
ASKER
2nd_Floor_IDF_3650(config-
2nd_Floor_IDF_3650(config-
2nd_Floor_IDF_3650(config-
%Server already exists with same address port combination.
2nd_Floor_IDF_3650(config-
2nd_Floor_IDF_3650(config-
%Server already exists with same address port combination.
ASKER
ok i got it fixed...not sure what was wrong, basically i just backed all the radius config out and mimic'd a working switch config. Thanks for the help
Great to hear. You might want to take the time and make sure that your radius paths include both 1645/1812 and 1646/1813 including the local server firewall if any.
...
...
addomain\user?
Check what radius sees as far as a request.
Check your check items to see whether they pass.
If you have a test radius server to which you can have this switch send its radius packets without impacting the environment and without being inundated with other radius packets........... drop it into debug mode so you can see what comes in, what you sent and where the breakdown is.
Did you on the switch perform a test radius query?
potentially realm, or user from realm separation is where the issue is. DO you have other switches in the environment to which you can compare this one?