do you have an access-list attached on vty lines?
Jean-Francois Fortin wrote:
The radius server only has one interface and we do see the reply being
sent by the server to the switch. An ip has been set to VLAN 1 and the
radius server is part of that vlan. Switch ip is 10.9.19.5 and server
ip is 10.9.19.16, netmask is /24.
JF
-----Original Message-----
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Peter Nixon
Sent: Tuesday, September 19, 2006 2:17 PM
To: FreeRadius users mailing list
Subject: Re: Authenticating users on cisco 3750 switch
Do you have multiple interfaces in your radius server? Maybe you are
replying
from a different IP..
-Peter
On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote:
We did what is mentioned in the doc but still doesn't work. It is
like
if the answer from the radius doesn't reach back the switch. But the
switch and the Radius server are on the same network.
>From radius server:
...
modcall: group authorize returns ok for request 3
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 148 to 10.9.19.5:21645
Service-Type = NAS-Prompt-User
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148,
length=62
Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 -
ID:
148
Re-sending Access-Accept of id 148 to 10.9.19.5:21645
On the Switch:
013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server
10.9.19.16:1812,1.
013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server
10.9.19.16:1812,.
% Username: timeout expired!
% Authentication failed.
-----Original Message-----
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Peter Nixon
Sent: Tuesday, September 19, 2006 4:29 AM
To: FreeRadius users mailing list
Subject: Re: Authenticating users on cisco 3750 switch
On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote:
Hi,
We are trying to use freeradius as authentication system
to
allow users to connect to our cisco switch (3750) for management.
The
radius server is running ok, we can authenticate Cisco ASA, BigIP LB
against it. But when trying with the 3750, we see that the radius
server accept the user and return an answer to the switch, but it
doesn't work. Anyone has sample config using freeradius with cisco
switch?
http://wiki.freeradius.org/index.php/Cisco
--
---------------------------------------
Never ask a man what sort of computer he drives. If it's a Mac, he'll tell you. If not, why
embarrass him?
---------------------------------------
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Telecom Italia San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino
http://www.omniway.sm http://www.telecomitalia.sm
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
