Re: Security: Microsoft RADIUS and Cisco [7:27554]
Which Radius server are you using? Is it listening for authentication requests on port 1812 or 1645? Looks like a radius server problem to me. Ensure it is indeed authenticating. Most radius servers have inbuilt facilities to test functionality. Tunji >From: "Pierre-Alex J. Guanel" >Reply-To: "Pierre-Alex J. Guanel" >To: [EMAIL PROTECTED] >Subject: Security: Microsoft RADIUS and Cisco [7:27554] >Date: Wed, 28 Nov 2001 14:50:55 -0500 > >I have the following configuration on my router: > >radius-server host auth-port 1812 acct-port 1813 >radius-server retransmit 3 >radius-server timeout 20 >radius-server key >! > >I have configured IAS with my router as the client and the Client-Vendor as >Cisco > >The shared secret is the same as the radius-server > >When I telnet to the router, after having entered a valid username and >password, > >I get the message "%authentication failed". > >I have turned on radius debugging on the router but I don't see anything. > >Did I miss something obvious? > >Pierre-Alex _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27827&t=27554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Security: Microsoft RADIUS and Cisco [7:27554]
Just a couple of thoughts: You didn't say what you are using as a RADIUS server. If you are using MS's RADIUS, I've never heard of anyone getting it to work with Cisco devices. You should probably look at CiscoSecure ACS. Also, in conversations that I have had recently with TAC, Cisco is planning to move away from RADIUS in favor of TACACS+. In fact, some of the newer products such as the cat 3500's, etc. have no support at all for RADIUS. Hope that helps. Brian MADMAN wrote: > > I don't think your showing everything. Did you not define the > addres > of your host. You must have some aaa commands or you wouldn't > be able > to confgiure radius-server stuff. > > Dave > > "Pierre-Alex J. Guanel" wrote: > > > > I have the following configuration on my router: > > > > radius-server host auth-port 1812 acct-port 1813 > > radius-server retransmit 3 > > radius-server timeout 20 > > radius-server key > > ! > > > > I have configured IAS with my router as the client and the > Client-Vendor as > > Cisco > > > > The shared secret is the same as the radius-server > > > > When I telnet to the router, after having entered a valid > username and > > password, > > > > I get the message "%authentication failed". > > > > I have turned on radius debugging on the router but I don't > see anything. > > > > Did I miss something obvious? > > > > Pierre-Alex > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27628&t=27554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Security: Microsoft RADIUS and Cisco [7:27554]
I don't think your showing everything. Did you not define the addres of your host. You must have some aaa commands or you wouldn't be able to confgiure radius-server stuff. Dave "Pierre-Alex J. Guanel" wrote: > > I have the following configuration on my router: > > radius-server host auth-port 1812 acct-port 1813 > radius-server retransmit 3 > radius-server timeout 20 > radius-server key > ! > > I have configured IAS with my router as the client and the Client-Vendor as > Cisco > > The shared secret is the same as the radius-server > > When I telnet to the router, after having entered a valid username and > password, > > I get the message "%authentication failed". > > I have turned on radius debugging on the router but I don't see anything. > > Did I miss something obvious? > > Pierre-Alex -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27562&t=27554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
