Cisco – RADIUS authentication

authentication cisco radius

I am configuring RADIUS authentication on my switches but it does not work and I don't know why.

My configuration is pretty straightforward:

aaa new-model
aaa group server radius RADIUS-ACTIF
  server x.x.x.x auth-port 1812 acct-port 1813
  server y.y.y.y auth-port 1812 acct-port 1813
  ip radius source-interface Vlan10
  deadtime 1
aaa authentication attempts login 5
aaa authentication password-prompt Secured-Password:
aaa authentication username-prompt Secured-Username:
aaa authentication login default local
aaa authentication login RADIUS-ACTIF group RADIUS-ACTIF local
aaa authentication enable default enable
aaa authorization exec default group RADIUS-ACTIF local
aaa session-id common

line vty 0 4
    login authentication RADIUS-ACTIF

The thing is: I can't see anything happening on the "Failed Attempts" on my ACS Server. There are no logs of my attempts at authentication.

ACS server is reachable via ping from my switches.
I have tried to test the RADIUS access with the test command : I get the User rejected feedback after less than 2/3 seconds, so I am thinking that I can access the RADIUS but I get blocked even before submitting my credentials. It's a very strange behavior.

Does anybody have an idea as to why this would happen?

I should also say that the exact same configuration is working on one switch (on a different IP plan though).

Thanks

Best Answer

According to my experience the two most common issues when dealing with AAA and Radius are:

  • Misspelled/Absent pre-shared key on the RADIUS server or on the NAC (Radius client)
  • The Radius server misses the configuration to allow requests from a client.

Troubleshooting in the comments, it turned out that the pre-shared key was missing on the router.

To add this just type:

(config)#radius-server host x.x.x.x auth-port 1812 acct-port 1813 key ***

or (to define a default key):

(config)#radius-server key ***

If you are interested in a more general method for troubleshooting, refer here: Troubleshooting RADIUS and TACACS+
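To show why a missing or mismatched shared secret produces a reject that looks nothing like a bad password, here is an added example (not code from the question, the answer, or Cisco) that models the RFC 2865 Access-Request/Access-Accept/Access-Reject exchange in pure Python: the NAS hides User-Password with MD5(secret || Request Authenticator), the server decrypts with its own secret, and the NAS checks the Response Authenticator with the secret it knows. The user database, the secrets and the fixed Request Authenticator are constructed test values; a NAS with no key configured is modelled as an empty secret, which is an assumption of this model and not a statement about how IOS behaves.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type (1 byte) + Length (1 byte, incl. header) + Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    """Decode a TLV attribute list into {type: value}."""
    out, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        out[atype] = data[i + 2:i + alen]
        i += alen
    return out


def _xor_stream(data: bytes, secret: bytes, request_auth: bytes, decrypt: bool) -> bytes:
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(chunk, block))
        out += result
        prev = chunk if decrypt else result  # chaining always uses the ciphertext block
    return out


def encrypt_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a 16-byte multiple
    return _xor_stream(padded, secret, request_auth, decrypt=False)


def decrypt_password(blob: bytes, secret: bytes, request_auth: bytes) -> bytes:
    return _xor_stream(blob, secret, request_auth, decrypt=True).rstrip(b"\x00")


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code (1) + Identifier (1) + Length (2) + Authenticator (16) + attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """What the NAS does on receipt: recompute the Response Authenticator with its own secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def server_handle(request: bytes, server_secret: bytes, users: dict) -> bytes:
    """Toy RADIUS server: decrypt the password with the server-side secret and compare."""
    _, ident, _ = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = parse_attrs(request[20:])
    user = attrs.get(ATTR_USER_NAME, b"")
    password = decrypt_password(attrs[ATTR_USER_PASSWORD], server_secret, request_auth)
    code = ACCESS_ACCEPT if users.get(user) == password else ACCESS_REJECT
    auth = response_authenticator(code, ident, request_auth, b"", server_secret)
    return build_packet(code, ident, auth, b"")


def authenticate(username: bytes, password: bytes, nas_secret: bytes, server_secret: bytes,
                 users: dict, request_auth: bytes = None) -> tuple:
    """Run one exchange; return (response code, True if the NAS could verify the response)."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username) + attr(
        ATTR_USER_PASSWORD, encrypt_password(password, nas_secret, request_auth))
    request = build_packet(ACCESS_REQUEST, 1, request_auth, attrs)
    response = server_handle(request, server_secret, users)
    return response[0], verify_response(response, request_auth, nas_secret)


if __name__ == "__main__":
    users = {b"admin": b"hunter2"}            # constructed test database
    print("same secret, good password :", authenticate(b"admin", b"hunter2", b"S3cret", b"S3cret", users))
    print("same secret, bad password  :", authenticate(b"admin", b"wrong", b"S3cret", b"S3cret", users))
    print("key missing on NAS         :", authenticate(b"admin", b"hunter2", b"", b"S3cret", users))
```

The three runs separate the cases a practitioner has to tell apart: with matching secrets a wrong password yields an Access-Reject whose Response Authenticator still verifies (the server saw the real credentials and will log the failure), while a missing or different secret on the NAS yields a reject for the right password and a response the NAS cannot verify, which is the "rejected without ever being checked" picture from the question. A real server may additionally drop requests from unknown clients silently, which matches the second bullet in the answer.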