The radius server only has one interface and we do see the reply being sent by the server to the switch. An ip has been set to VLAN 1 and the radius server is part of that vlan. Switch ip is 10.9.19.5 and server ip is 10.9.19.16, netmask is /24.
JF -----Original Message----- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Peter Nixon Sent: Tuesday, September 19, 2006 2:17 PM To: FreeRadius users mailing list Subject: Re: Authenticating users on cisco 3750 switch Do you have multiple interfaces in your radius server? Maybe you are replying from a different IP.. -Peter On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote: > We did what is mentioned in the doc but still doesn't work. It is like > if the answer from the radius doesn't reach back the switch. But the > switch and the Radius server are on the same network. > > >From radius server: > > ... > modcall: group authorize returns ok for request 3 > auth: type Local > auth: user supplied User-Password matches local User-Password > Sending Access-Accept of id 148 to 10.9.19.5:21645 > Service-Type = NAS-Prompt-User > Finished request 3 > Going to the next request > --- Walking the entire request list --- > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, > length=62 > Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID: > 148 > Re-sending Access-Accept of id 148 to 10.9.19.5:21645 > > On the Switch: > > 013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server > 10.9.19.16:1812,1. > 013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server > 10.9.19.16:1812,. > % Username: timeout expired! > % Authentication failed. > > > > > -----Original Message----- > From: > [EMAIL PROTECTED] > g > [mailto:[EMAIL PROTECTED] > adius.org] On Behalf Of Peter Nixon > Sent: Tuesday, September 19, 2006 4:29 AM > To: FreeRadius users mailing list > Subject: Re: Authenticating users on cisco 3750 switch > > On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote: > > Hi, > > > > We are trying to use freeradius as authentication system > > to > > > allow users to connect to our cisco switch (3750) for management. The > > radius server is running ok, we can authenticate Cisco ASA, BigIP LB > > against it. But when trying with the 3750, we see that the radius > > server accept the user and return an answer to the switch, but it > > doesn't work. Anyone has sample config using freeradius with cisco > > switch? > > http://wiki.freeradius.org/index.php/Cisco -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
