Unsolved
AAA on N2048
Trying to set up some new n2048p but can't make the AAA work. I used the config based on my 6248 and 7048, but it is showing the log messages below:
0076 %% [CLI:jcaan:10.60.150.23] User login authentication failed
<189> Sep 2 10:30:34 10.61.240.21-1 TRAPMGR[130672796]: traputil.c(740) 10075 %% Failed User Login with User ID: jcaan
<190> Sep 2 10:30:34 10.61.240.21-1 USER_MGR[130672796]: user_mgr.c(1789) 10074 %% User jcaan Failed to login because of authentication failures
<190> Sep 2 10:30:34 10.61.240.21-1 RADIUS[130274260]: radius.c(1888) 10073 %% RADIUS: radiusRequestInfoProcess(): Could not successfully process the request
<189> Sep 2 10:30:34 10.61.240.21-1 RADIUS[130274260]: radius.c(1848) 10072 %% RADIUS: Server Entry is Null or Could not allocate Radius Packet
<189> Sep 2 10:30:34 10.61.240.21-1 RADIUS[130274260]: radius.c(1715) 10071 %% radiusRequestInfoProcess: Radius server not selected. Request Type: 1 Requestor: 21, USER_MGR
<190> Sep 2 10:30:34 10.61.240.21-1 RADIUS[130274260]: radius_txrx.c(365) 10070 %% RADIUS: Bind error
The current config is as below. Am I missing something? Thanks
jc
aaa authentication login "Management" radius local
aaa authentication login "Console" local
aaa authentication enable "Management" none
aaa authentication enable "Console" none
ip http authentication radius local
ip https authentication radius local
radius-server host auth x.x.x.x
  name “radiusserver”
  source-ip y.y.y.y
  key “dell”
exit
line console
  exec-timeout 5
  login authentication Console
  enable authentication Console
exit
line telnet
  exec-timeout 5
  login authentication Management
  enable authentication Management
exit
Anonymous
September 2nd, 2014 07:00
Looking through your config I do not see anything that stands out as being incorrect. You could try changing # radius-server host auth x.x.x.x to # radius-server host x.x.x.x, but I am not sure it would change anything.
We can check the server settings with the following command.
console# show radius-servers
Looking at the messages you are receiving, it looks like it is trying to authenticate but fails authentication. With the configuration you have, radius local, if the RADIUS server rejects the authentication request then the login attempt fails. The switch will not attempt to use the secondary authentication method. If the RADIUS server is unreachable or unresponsive, the switch will then attempt to use the local database credentials.
Since the switch is not attempting to use local credentials, it leads me to believe that there is communication between the switch and the server, but authentication is failing. Did you directly copy this config from the older switches to the new switch? If so, it might be a good idea to start over with the config and manually enter the commands. This will help ensure there were no spaces or other inaccuracies accidentally copied over.
JohnCaan
September 11th, 2014 22:00
The switch doesn't have the command "show radius-servers" like the 6248. The closest command I can see is this, and it is showing the switch is not sending out requests to the radius server.
Any help is appreciated.
JC
switch#show radius statistics
RADIUS Server Name............................. server
Server Host Address............................ X.X.X.X
Round Trip Time................................ 0.00
Access Requests................................ 0
Access Retransmissions......................... 0
Access Accepts................................. 0
Access Rejects................................. 0
Access Challenges.............................. 0
Malformed Access Responses..................... 0
Bad Authenticators............................. 0
Pending Requests............................... 0
Timeouts....................................... 0
Unknown Types.................................. 0
Packets Dropped................................ 0
Anonymous
September 12th, 2014 10:00
Yeah, it is showing no counters at all. Is the client able to ping the radius server? What OS is installed on the radius server? Config-wise, I don't see anything missing or that needs to be changed. Does the radius server have anything in its logs?
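One way to triage this from the switch side, as an added example that is not part of any post in this thread: it parses counters in the "show radius statistics" layout quoted above and separates "request never sent" from the reject and unreachable cases described in the first reply. The state names and the counter-to-state mapping are assumptions made for illustration, not vendor documentation.

```python
import re

# Subset of the "show radius statistics" output quoted in the thread.
STATS = """\
RADIUS Server Name............................. server
Server Host Address............................ X.X.X.X
Round Trip Time................................ 0.00
Access Requests................................ 0
Access Accepts................................. 0
Access Rejects................................. 0
Timeouts....................................... 0
"""

# Two syslog lines copied from the first post.
LOGS = [
    "<190> Sep 2 10:30:34 10.61.240.21-1 RADIUS[130274260]: radius_txrx.c(365) 10070 %% RADIUS: Bind error",
    "<190> Sep 2 10:30:34 10.61.240.21-1 USER_MGR[130672796]: user_mgr.c(1789) 10074 %% User jcaan Failed to login because of authentication failures",
]

def parse_stats(text):
    """Turn 'Name....... value' lines into a dict; whole-number counters become int."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?)\.{2,}\s*(\S.*)$", line.strip())
        if m:
            name, value = m.group(1).strip(), m.group(2).strip()
            stats[name] = int(value) if value.isdigit() else value
    return stats

def radius_messages(lines):
    """Message text of syslog lines emitted by the RADIUS component only."""
    found = (re.search(r"\sRADIUS\[\d+\]:.*?%%\s*(.*)$", line) for line in lines)
    return [m.group(1) for m in found if m]

def classify(stats, lines):
    """Assumed mapping from counters to the cases discussed in the thread."""
    if stats.get("Access Requests", 0) == 0:
        return "not-sent", radius_messages(lines)  # nothing left the switch
    if stats.get("Access Rejects", 0) > 0:
        return "rejected", []                      # server answered; no local fallback
    if stats.get("Timeouts", 0) > 0 and stats.get("Access Accepts", 0) == 0:
        return "unreachable", []                   # local fallback expected
    return "answered", []

if __name__ == "__main__":
    print(classify(parse_stats(STATS), LOGS))
```

With all counters at zero the result is "not-sent", and the RADIUS-component messages are returned alongside it as the evidence to read next.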