Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Radius authentication on Cisco Router

Status
Not open for further replies.
lui3

lui3

MIS
Feb 15, 2002
356
US
Hello all,

i am currently having some problems getting our cisco 3620 router to properly authenticate to a win2k running IAS. The 3620 is running IOS 11.1 and supports the aaa new-model features however i can't authenticate using radius.

I have enabled the following features

aaa new-model
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server timeout 10
radius-server key ??????? (this is the same on the radius server)
aaa authorization exec radius

However, when i go to my win2k server and check the log for authentication requests from my router i get no log. the router seems to be prompting me for a username and password which i have also set up in IAS but i see no log errors or otherwise. normally i would see something on the server indicating that a request has been made.

Can anyone tell me what i am doing wrong here. I have had no trouble getting it to work on the new 12.0 IOS but i am not familiar with the older 11.1 releases. Any help would be greatly appreciated. I think my problem lies on the router side since i am getting no requests on the server.


Thanks a million.


Michael Louis
CCNA,CCDA,Net+,AASP
michaellouis@hotmail.com
 
Sort by date Sort by votes
make sure u have these lines in your running/start-up config....

aaa authentication ppp default if-needed group radius

aaa authorization network default group radius if-authenticated

aaa accounting network default start-stop group radius

these tell the router how to authenticate.. where using a RADIUS server, or locally on the router.. this is when it looks up the RADIUS server IP and port, as u've specified above..

both authentication and accounting are taken care of..

good luck...
 
Upvote 0 Downvote
I am not authenticating outside users to this router. i am only trying to authenticate other routers in my wan frame network via the radius server. this router happens to be my core but i am simply trying to setup authentication centrally so that i can control the password management.

Would i need the

aaa authentication ppp default if-needd group radius

line if i was not authenticating any ppp users.

this particular router is on the same subnet as the radius server win2k. I would like to know the config to set it up. i can get the authentication username and password prompts to come up on the router but it never seems to query the server. i got my catalyst switches working fine so i know the win2k radius is working correctly. when i try to login into the router i get %Access Denied.

any ideas?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
293
CPM86
CPM86
B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
212
badwolf1686
B
pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
568
nt8d09
nt8d09
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
565
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
536
Jared R
Jared R

Part and Inventory Search

Sponsor

Back
Top