Authenticating users on cisco 3750 switch

Andrea Gabellini andrea.gabellini at telecomitalia.sm
Wed Sep 20 09:28:19 CEST 2006


Do you have an access-list attached on vty lines?


Jean-Francois Fortin wrote:
> The radius server only has one interface and we do see the reply being
> sent by the server to the switch.  An ip has been set to VLAN 1 and the
> radius server is part of that vlan.  Switch ip is 10.9.19.5 and server
> ip is 10.9.19.16, netmask is /24.
> 
> JF
> 
> -----Original Message-----
> From: freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freeradius.org [mailto:freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freeradius.org] On Behalf Of Peter Nixon
> Sent: Tuesday, September 19, 2006 2:17 PM
> To: FreeRadius users mailing list
> Subject: Re: Authenticating users on cisco 3750 switch
> 
> Do you have multiple interfaces in your radius server? Maybe you are
> replying 
> from a different IP..
> 
> -Peter
> 
> On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote:
>> We did what is mentioned in the doc but still doesn't work.  It is like
>> if the answer from the radius doesn't reach back the switch.  But the
>> switch and the Radius server are on the same network.
>>
>> From radius server:
>>
>> ...
>> modcall: group authorize returns ok for request 3
>> auth: type Local
>> auth: user supplied User-Password matches local User-Password
>> Sending Access-Accept of id 148 to 10.9.19.5:21645
>>         Service-Type = NAS-Prompt-User
>> Finished request 3
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 6 seconds...
>> rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, length=62
>> Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID: 148
>> Re-sending Access-Accept of id 148 to 10.9.19.5:21645
>>
>> On the Switch:
>>
>> 013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.9.19.16:1812,1.
>> 013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.9.19.16:1812,.
>> % Username:  timeout expired!
>> % Authentication failed.
>>
>>
>>
>>
>> -----Original Message-----
>> From: freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freeradius.org [mailto:freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freeradius.org] On Behalf Of Peter Nixon
>> Sent: Tuesday, September 19, 2006 4:29 AM
>> To: FreeRadius users mailing list
>> Subject: Re: Authenticating users on cisco 3750 switch
>>
>> On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote:
>>> Hi,
>>>
>>> We are trying to use freeradius as authentication system to
>>> allow users to connect to our cisco switch (3750) for management.  The
>>> radius server is running ok, we can authenticate Cisco ASA, BigIP LB
>>> against it.  But when trying with the 3750, we see that the radius
>>> server accept the user and return an answer to the switch, but it
>>> doesn't work.  Anyone has sample config using freeradius with cisco
>>> switch?
>> http://wiki.freeradius.org/index.php/Cisco
> 

-- 

---------------------------------------
Never ask a man what sort of computer he drives. If it's a Mac, he'll tell you. If not, why 
embarrass him?
---------------------------------------
Ing. Andrea Gabellini
Email: andrea.gabellini at telecomitalia.sm
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)

Telecom Italia San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Republic of San Marino

http://www.omniway.sm  http://www.telecomitalia.sm
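
An added example, not part of the original thread: a Python check over FreeRADIUS debug output that lists requests the NAS sent again after the server had already replied, which is the symptom in the quoted log (the Access-Accept leaves the server but the switch times out). The sample text is constructed from the log lines quoted above, plus an invented first request line and an invented second client, 10.9.19.20.

```python
import re
from collections import Counter

# Line shapes taken from the FreeRADIUS debug output quoted in this thread.
SENT = re.compile(r"^Sending (Access-\w+) of id (\d+) to ([\d.]+):(\d+)")
RECV = re.compile(r"^rad_recv: Access-Request packet from host ([\d.]+):(\d+), id=(\d+)")

def unaccepted_replies(debug_output):
    """Find requests the NAS sent again after the server had already answered.

    Returns a list of (nas_ip, nas_port, request_id, reply_type, retransmits).
    Simplification: RADIUS ids are 8-bit and get reused, so over a long capture
    a later, unrelated request with the same id and source port is also counted.
    """
    answered = {}            # (ip, port, id) -> reply type already sent
    retransmits = Counter()  # (ip, port, id) -> requests seen after that reply
    for line in debug_output.splitlines():
        line = line.strip()
        if m := SENT.match(line):
            reply, rid, ip, port = m.groups()
            answered[(ip, port, rid)] = reply
        elif m := RECV.match(line):
            ip, port, rid = m.groups()
            if (ip, port, rid) in answered:
                retransmits[(ip, port, rid)] += 1
    return [(ip, int(port), int(rid), answered[(ip, port, rid)], n)
            for (ip, port, rid), n in retransmits.items()]

# Constructed sample: the 10.9.19.5 lines follow the thread's log,
# the 10.9.19.20 client is invented to show a request that is not flagged.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, length=62
Sending Access-Accept of id 148 to 10.9.19.5:21645
        Service-Type = NAS-Prompt-User
Finished request 3
rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148, length=62
Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID: 148
Re-sending Access-Accept of id 148 to 10.9.19.5:21645
rad_recv: Access-Request packet from host 10.9.19.20:1645, id=7, length=60
Sending Access-Accept of id 7 to 10.9.19.20:1645
Finished request 4
"""

if __name__ == "__main__":
    for ip, port, rid, reply, n in unaccepted_replies(SAMPLE):
        print(f"{ip}:{port} id={rid}: {reply} sent, request repeated {n}x afterwards")
```

A NAS that appears in this list is receiving no usable reply, so the place to look is the path back to it and the device itself, as the questions in this thread do (reply source address, access lists on the switch).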
