Leadtheway

3650 Radius Configuration

Have a new 3650 configured from scratch; I'm trying to get SSH/RADIUS authentication set up. I went through a guide to set it up on the switch. I have several others that are working, so I know the server is set up correctly, but when I try to use it on the switch, SSH works and I can log in with local creds, but AD creds don't work. Thinking I'm missing something. Was hoping someone could take a look over my config and see if anything stands out. Thanks
3650_scrub.txt
arnold

Your issue is likely the encoding of the AD credentials you are using: user@addomain or addomain\user?

Check what radius sees as far as a request.
Check your check items to see whether they pass.

If you have a test radius server to which you can have this switch send its radius packets without impacting the environment and without being inundated with other radius packets, drop it into debug mode so you can see what comes in, what you sent and where the breakdown is.

Did you perform a test radius query on the switch?

Potentially the realm, or user-from-realm separation, is where the issue is. Do you have other switches in the environment to which you can compare this one?
Leadtheway

ASKER

I have 15 other switches set up the same way that work. Attached is code of one that works; see if anything jumps out.

Usually we just enter AD username/pass. Don't need UPN.
3650_scrub.txt
What happens on the switch when you test radius auth? Double check whether the new switch is set up as a client on radius.
Which port is your radius server on, the one that works does not specify auth/acct ports while the instigator does not points to the newer 1812/1813 ports. Suggesting perhaps that the default might be running on 1645/1646 ....
On the new one, remove the added auth-port 1812 acct-port 1813 and see.
Radius-server.....

Your http authentication on the new is set to local only ....

Still double check that this switch is configured as a client on the radius box.
The switch is set as client, see attached; also see attached for the port config.
Capture.PNG
Capture3.PNG
ASKER CERTIFIED SOLUTION
arnold
How do I remove it? I tried to do a no statement to that line but it didn't work.
Try switching them to 1645/1646 respectively and see if that gets it to work.
2nd_Floor_IDF_3650(config-radius-server)#address ipv4 192.168.9.9 auth
2nd_Floor_IDF_3650(config-radius-server)#$4 192.168.9.9 auth-port 1645 ac
2nd_Floor_IDF_3650(config-radius-server)#$9.9 auth-port 1645 acct-port 1646
%Server already exists with same address port combination.
OK, I got it fixed... not sure what was wrong; basically I just backed all the radius config out and mimicked a working switch config. Thanks for the help.
Great to hear. You might want to take the time and make sure that your radius paths include both 1645/1812 and 1646/1813 including the local server firewall if any.

...
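The comparison suggested in the thread (a working switch against the new one, looking at the auth/acct ports each RADIUS server entry ends up using), as an added example that is not part of the original posts. It assumes the newer `radius server <name>` block syntax seen in the session output above; the server name `RAD1`, the key placeholder and the default port pair are assumptions.

```python
import re

# Assumption: ports used when a config line names none. The thread suggests
# 1645/1646; set this to whatever your IOS release actually defaults to.
DEFAULT_PORTS = (1645, 1646)

ADDR_RE = re.compile(
    r"^\s*address ipv4 (\S+)(?: auth-port (\d+))?(?: acct-port (\d+))?\s*$")

def radius_servers(config, defaults=DEFAULT_PORTS):
    """Map each 'radius server <name>' block to (ip, auth_port, acct_port)."""
    servers, name = {}, None
    for line in config.splitlines():
        if line.startswith("radius server "):
            name = line.split(None, 2)[2].strip()
        elif name and line[:1].isspace():      # indented line inside the block
            m = ADDR_RE.match(line)
            if m:
                ip, auth, acct = m.groups()
                servers[name] = (ip, int(auth or defaults[0]),
                                 int(acct or defaults[1]))
        else:
            name = None                        # "!" or a new top-level command
    return servers

def port_mismatches(working, new, defaults=DEFAULT_PORTS):
    """Per server IP, report effective ports that differ between two configs."""
    def by_ip(cfg):
        return {ip: (a, c) for ip, a, c in radius_servers(cfg, defaults).values()}
    good, cand = by_ip(working), by_ip(new)
    return {ip: {"working": good[ip], "new": cand[ip]}
            for ip in sorted(good.keys() & cand.keys()) if good[ip] != cand[ip]}

# Constructed sample configs (server name RAD1 and the key are placeholders).
WORKING = "radius server RAD1\n address ipv4 192.168.9.9\n key <placeholder>\n!\n"
NEW = ("radius server RAD1\n"
       " address ipv4 192.168.9.9 auth-port 1812 acct-port 1813\n"
       " key <placeholder>\n!\n")

if __name__ == "__main__":
    for ip, ports in port_mismatches(WORKING, NEW).items():
        print(f"{ip}: working switch uses {ports['working']}, new uses {ports['new']}")
```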