Good morning, I am building an environment with a RADIUS server on CentOS 6, which is connected to a switch that has the IP address 192.168.1.21 on VLAN 21. The server has the IP address 192.168.1.254 and the two can ping each other successfully. Now for the problem.
I configured the switch and RADIUS following various guides on the web, but I just cannot manage to log in to my switch via the RADIUS server. I have already gone through the relevant debug outputs, but I do not get a clear picture of where it goes wrong. I have also searched several websites for a possible solution, but I could not find one for my environment.
Here is my switch show run:
Building configuration...
Current configuration : 1748 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560G1
!
boot-start-marker
boot-end-marker
!
!
username admin password 0 root
aaa new-model
!
!
aaa authentication login default group radius local
!
!
!
aaa session-id common
system mtu routing 1990
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport access vlan 21
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
!
interface Vlan21
ip address 192.168.1.21 255.255.255.0
!
ip default-gateway 192.168.1.254
ip classless
ip http server
ip http secure-server
!
ip radius source-interface GigabitEthernet0/1
radius-server host 192.168.1.254 auth-port 1812 acct-port 1813 key 123
!
control-plane
!
!
line con 0
line vty 5 15
!
end
3560G1#
And here is my debug output when I try the test command against the RADIUS server:
3560G1#$2.168.1.254 auth-port 1812 acct-port 1813 admin root legacy count 1
Attempting authentication test to server-group radius using radius
*Mar 1 00:29:13.864: AAA: parse name=<no string> idb type=-1 tty=-1
*Mar 1 00:29:13.864: AAA/MEMORY: create_user (0x31C6384) user='admin' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
*Mar 1 00:29:13.864: RADIUS: Pick NAS IP for u=0x31C6384 tableid=0 cfg_addr=0.0.0.0
*Mar 1 00:29:13.864: RADIUS: ustruct sharecount=1
*Mar 1 00:29:13.864: Radius: radius_port_info() success=0 radius_nas_port=1
*Mar 1 00:29:13.864: RADIUS/ENCODE: Best Local IP-Address 192.168.1.21 for Radius-Server 192.168.1.254
*Mar 1 00:29:13.864: RADIUS(00000000): Send Access-Request to 192.168.1.254:1812 id 1645/5, len 57
*Mar 1 00:29:13.864: RADIUS: authenticator FC 85 8A 00 79 2D F8 F2 - 3D DD 1D 61 EB 64 66 67
*Mar 1 00:29:13.864: RADIUS: NAS-IP-Address [4] 6 192.168.1.21
*Mar 1 00:29:13.864: RADIUS: NAS-Port-Type [61] 6 Async [0]
*Mar 1 00:29:13.864: RADIUS: User-Name [1] 7 "admin"
*Mar 1 00:29:13.864: RADIUS: User-Password [2] 18 *
*Mar 1 00:29:18.470: RADIUS: Retransmit to (192.168.1.254:1812,1813) for id 1645/5
*Mar 1 00:29:23.201: RADIUS: Retransmit to (192.168.1.254:1812,1813) for id 1645/5
*Mar 1 00:29:27.764: RADIUS: Retransmit to (192.168.1.254:1812,1813) for id 1645/5
No authoritative response from any server.
3560G1#
*Mar 1 00:29:32.294: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.254:1812,1813 is not responding.
*Mar 1 00:29:32.294: RADIUS: Tried all servers.
*Mar 1 00:29:32.294: RADIUS: No valid server found. Trying any viable server
*Mar 1 00:29:32.294: RADIUS: Tried all servers.
*Mar 1 00:29:32.294: RADIUS: No response from (192.168.1.254:1812,1813) for id 1645/5
*Mar 1 00:29:32.294: RADIUS: No response from server
*Mar 1 00:29:32.294: AAA/MEMORY: free_user (0x31C6384) user='admin' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
*Mar 1 00:29:32.303: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.254:1812,1813 has returned.
3560G1#
------------
What does work is testing the local database with the radtest command on the server, so something is going wrong between the two devices.