Help needed configuring MAB on FreeRADIUS and Cisco switch
Kaya Saman
kayasaman at gmail.com
Mon Jul 16 10:07:47 CEST 2012
On Fri, Jul 13, 2012 at 8:09 PM, alan buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> you have defined the usual bits, e.g.
>
> aaa new-model
> !
> !
> aaa authentication dot1x default group radius
> aaa accounting dot1x default start-stop group radius
> aaa accounting dot1x system start-stop group radius
>
> and you've got a radius-server entry with your RADIUS IP and some settings...
> but you are missing something - and I'm sure the switch logs would say so -
> or at least they would with some debug enabled:
>
> aaa group server radius XXXXXX
>  server xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
>
>
> replace XXXXXX with your RADIUS group name and xxx.xxx.xxx.xxx with the IP of
> your server
>
>
> alan

Thanks so much, Alan, for the config posting.

I have tried with your config and also changed all my 'aaa' strings to
include the radius group 'test' which I renamed things to.

Unfortunately there is still no information being propagated to the server???

The server has 4 NICs, only 2 of which are configured and have static
IPs. Radius claims to be listening on 'all' ports for the acct and
auth. I have rebooted the server and checked for any firewall
intervention and all seems good.

Issuing 'radius -X' still isn't showing anything :-(

I have no idea where the issue lies.

If it is a switch issue then I have gone through all the necessary
documentation regarding my switch model: Cisco 3560G with POE:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1196845
http://daemonkeeper.net/638/configure-mac-based-vlan-assignment-with-freeradius-and-junos/
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/sec_radius.html
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

and either the switch simply isn't sending RADIUS information; or the
server simply is ignoring the requests or not listening for them????

Radius can't be this hard to get working, can it?

Regards,

Kaya