RE: Authenticating users on cisco 3750 switch
We did what is mentioned in the doc but still doesn't work. It is like if the answer from the radius doesn't reach back the switch. But the switch and the Radius server are on the same network. From radius server: ... modcall: group authorize returns ok for request 3 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 148 to 10.9.19.5:21645 Service-Type = NAS-Prompt-User Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, length=62 Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID: 148 Re-sending Access-Accept of id 148 to 10.9.19.5:21645 On the Switch: 013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.9.19.16:1812,1. 013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.9.19.16:1812,. % Username: timeout expired! % Authentication failed. -Original Message- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Peter Nixon Sent: Tuesday, September 19, 2006 4:29 AM To: FreeRadius users mailing list Subject: Re: Authenticating users on cisco 3750 switch On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote: Hi, We are trying to use freeradius as authentication system to allow users to connect to our cisco switch (3750) for management. The radius server is running ok, we can authenticate Cisco ASA, BigIP LB against it. But when trying with the 3750, we see that the radius server accept the user and return an answer to the switch, but it doesn't work. Anyone has sample config using freeradius with cisco switch? http://wiki.freeradius.org/index.php/Cisco -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authenticating users on cisco 3750 switch
The radius server only has one interface and we do see the reply being sent by the server to the switch. An ip has been set to VLAN 1 and the radius server is part of that vlan. Switch ip is 10.9.19.5 and server ip is 10.9.19.16, netmask is /24. JF -Original Message- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Peter Nixon Sent: Tuesday, September 19, 2006 2:17 PM To: FreeRadius users mailing list Subject: Re: Authenticating users on cisco 3750 switch Do you have multiple interfaces in your radius server? Maybe you are replying from a different IP.. -Peter On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote: We did what is mentioned in the doc but still doesn't work. It is like if the answer from the radius doesn't reach back the switch. But the switch and the Radius server are on the same network. From radius server: ... modcall: group authorize returns ok for request 3 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 148 to 10.9.19.5:21645 Service-Type = NAS-Prompt-User Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, length=62 Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID: 148 Re-sending Access-Accept of id 148 to 10.9.19.5:21645 On the Switch: 013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.9.19.16:1812,1. 013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.9.19.16:1812,. % Username: timeout expired! % Authentication failed. -Original Message- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Peter Nixon Sent: Tuesday, September 19, 2006 4:29 AM To: FreeRadius users mailing list Subject: Re: Authenticating users on cisco 3750 switch On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote: Hi, We are trying to use freeradius as authentication system to allow users to connect to our cisco switch (3750) for management. The radius server is running ok, we can authenticate Cisco ASA, BigIP LB against it. But when trying with the 3750, we see that the radius server accept the user and return an answer to the switch, but it doesn't work. Anyone has sample config using freeradius with cisco switch? http://wiki.freeradius.org/index.php/Cisco -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authenticating users on cisco 3750 switch
Hi, We are trying to use freeradius as authentication system to allow users to connect to our cisco switch (3750) for management. The radius server is running ok, we can authenticate Cisco ASA, BigIP LB against it. But when trying with the 3750, we see that the radius server accept the user and return an answer to the switch, but it doesnt work. Anyone has sample config using freeradius with cisco switch? Thanks JF Jean-Francois Fortin | Deployment Prime | OZ T: 514.390.1333 x4004 | F: 514.390.0033| M: 514.260.6334 | [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html