
Monday, November 16, 2009

Basic Radius configuration and Debugging for Cisco 3750

What is the basic bare-bones RADIUS configuration for a 3750? Assume the RADIUS server is listening on UDP 1812 (authentication) and 1813 (accounting), and that all you need is for a user to be able to authenticate at login. Also, what, if anything, is needed on the vty lines?

Basic configuration

aaa new-model
aaa authentication login default local group radius
radius-server host x.x.x.x auth-port 1812 acct-port 1813

Method order in the list matters. With local listed first, a username that exists in the local database is checked locally and is never sent to the server; RADIUS is only consulted for usernames the local database does not know. The more common production order is group radius local, which sends every login to the server and falls back to the local database only when no RADIUS server answers (a reject from the server is final and does not fall through). You can also run debug radius authentication to help identify any issues.


VTY lines

Nothing is required on the vty lines: a method list named default is applied to every line automatically. Only if you use a named list instead of default do you need to point the lines at it with

login authentication <list-name>
under line vty 0 15.

Key

The shared secret is not optional in practice: it must match the key the server has configured for this switch's source address. The User-Password attribute is hidden with that key, and the switch only accepts a reply whose Response Authenticator validates under its own key, so with a mismatched or missing key the server either drops the request or sends a reply the switch discards, and the login simply fails.
radius-server key 0 thisismykey
The 0 means the key is entered in clear text. With service password-encryption it is stored as a type 7 string, which is obfuscation rather than encryption and is trivially reversible, so treat the configuration itself as sensitive.
Other useful commands are as follows:

ip radius source-interface <interface>  (fixes the source address of RADIUS packets, which must match the client entry on the server)
radius-server timeout 10  (seconds to wait for a reply before retransmitting; the default is 5)

Debugging

If you are connected to the device over a vty session (telnet, or preferably SSH, since telnet carries your credentials in clear text) and you have turned on RADIUS authentication debugging, note that debug output goes only to the console by default. To see it in your session, type terminal monitor at privileged exec mode:

hostname#terminal monitor

This redirects the debug (log) messages to your vty session. Once you have done this, open a second session and try to authenticate. Do not use a username that exists in the local database, such as letmein in this example: because local auth is listed before RADIUS, a locally defined user is authenticated locally and never reaches the server. Use a username that is not defined locally but is configured on your RADIUS server, then watch the output in the first session for a clue as to why it is failing. No reply, or a reply that fails to validate, points at reachability, the source address the server expects, or the shared key; an Access-Reject points at the server's policy or the credentials. Turn debugging off with undebug all when you are done.
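To make the shared-key and method-order points above concrete, here is an added example that is not part of the original post and not Cisco code: a minimal RADIUS PAP Access-Request/Access-Accept exchange per RFC 2865, with the switch side and a stand-in server written as plain functions in one process (no sockets, so it runs offline). The User-Password attribute is hidden with MD5(secret + Request Authenticator), and the reply's Response Authenticator is an MD5 over the reply plus the secret, so a key mismatch shows up not as a clean Access-Reject but as a reply the switch has to discard. The secret, user database, NAS address and identifier are constructed sample values.

```python
"""Minimal RADIUS PAP exchange (RFC 2865): switch side and a stand-in server.

Added example, not the blog post's own content and not Cisco code. The
secret, user database, NAS address and identifier are constructed samples.
"""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4
AUTH_PORT, ACCT_PORT = 1812, 1813   # the ports the switch config points at

USERS = {"netops": b"Correct-Horse-9"}   # constructed server-side user database


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to a multiple of 16, XOR each chunk with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def unhide_password(hidden, secret, authenticator):
    """Inverse of hide_password; the NUL padding is stripped afterwards."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out, prev = out + bytes(c ^ m for c, m in zip(chunk, mask)), chunk
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Type-Length-Value list; Length includes the two header bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident, username, password, secret,
                         nas_ip="10.0.0.1", authenticator=None):
    """Switch side: Code(1) | Identifier | Length | Request Authenticator | Attributes."""
    req_auth = authenticator or os.urandom(16)   # must be unpredictable in real use
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def server_respond(request, secret, user_db):
    """Stand-in server: recover the PAP password with *its* copy of the secret,
    check it, and sign the reply with a Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    req_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    password = unhide_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    reply_code = ACCESS_ACCEPT if user_db.get(user) == password else ACCESS_REJECT
    header = struct.pack("!BBH", reply_code, ident, 20)   # no reply attributes
    # RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()


def verify_response(request, response, secret):
    """Switch side: accept a reply only if the Identifier matches and the Response
    Authenticator validates under *our* key. None means the reply must be dropped."""
    if len(response) < 20 or response[1] != request[1]:
        return None
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return response[0] if hmac.compare_digest(expected, resp_auth) else None


def authenticate(username, password, switch_secret, server_secret, user_db):
    """One exchange; "no-valid-response" is what a mismatched radius-server key
    looks like from the switch: the server answers, but the reply cannot be trusted."""
    request = build_access_request(7, username, password, switch_secret)
    response = server_respond(request, server_secret, user_db)
    code = verify_response(request, response, switch_secret)
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "no-valid-response")


if __name__ == "__main__":
    key = b"thisismykey"
    print("matching key, good password:", authenticate("netops", "Correct-Horse-9", key, key, USERS))
    print("matching key, bad password: ", authenticate("netops", "wrong", key, key, USERS))
    print("mismatched key:             ", authenticate("netops", "Correct-Horse-9", key, b"otherkey", USERS))
```

The three runs at the bottom map onto what you see while debugging: a matching key gives a clean Access-Accept or Access-Reject, while a mismatched key produces a reply the switch cannot validate, which from the switch's side is indistinguishable from an unreachable or misconfigured server.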

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.
