In the course of my Cisco studies, I found the "local radius-server" feature in the AdvancedEnterprise IOS on a 2800 router and on my 871 wireless router. Research indicates it is there for times when your wireless access point can't contact the "real" access server, and this local server can authenticate users. In a quixotic quest for honor and prestige I am trying to make it the authentication server for a group of 2800 routers in the lab. It seems to almost work, answering radius requests from the clients, etc., but my authentication always fails on the client routers where I'm trying to log in. I know the user/password is correct.
Does anyone know for sure whether this can or cannot be made to work this way?
It may have something to do with the authentication being restricted to LEAP or EAP or something that Cisco routers don't ordinarily speak. -??-
On the server router:
AAA new-model
radius-server local
...nas (client IP) key 0 (SHAREKEY)
...user (USERNAME) password 0 (USERPASSWORD)
end
On the client routers:
AAA new-model
radius-server host (server IP) auth-port 1812 acct-port 1813 key (SHAREKEY)
aaa authentication login default group radius none
end
Thanks for any help & advice! -Eric
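An added example, not part of the original post: a small Python parser that reports which authentication attribute a captured RADIUS Access-Request carries, which is one way to check the LEAP/EAP hypothesis raised above. The function names, the user name "labuser" and both sample packets are constructed for illustration; the attribute numbers are those of RFC 2865 and RFC 3579.

```python
import struct

# Attributes that reveal the authentication method (RFC 2865, RFC 3579).
AUTH_ATTRS = {2: "PAP (User-Password)", 3: "CHAP (CHAP-Password)",
              79: "EAP (EAP-Message)"}

def parse_access_request(packet: bytes):
    """Return (user_name, set_of_auth_methods) for one Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError(f"not an Access-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    user, methods = None, set()
    pos = 20  # skip code, identifier, length, 16-byte Request Authenticator
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, incl. header), value.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == 1:  # User-Name
            user = value.decode("utf-8", "replace")
        elif atype in AUTH_ATTRS:
            methods.add(AUTH_ATTRS[atype])
        pos += alen
    return user, methods

def build_request(attrs):
    """Hypothetical helper: build a constructed Access-Request for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples (not captured traffic): a password-style request with
# User-Password and NAS-IP-Address, and an EAP Response/Identity request
# with EAP-Message and Message-Authenticator.
LOGIN_REQ = build_request([(1, b"labuser"), (2, bytes(16)),
                           (4, bytes([192, 0, 2, 1]))])
EAP_REQ = build_request([(1, b"labuser"),
                         (79, b"\x02\x01\x00\x0c\x01labuser"),
                         (80, bytes(16))])

if __name__ == "__main__":
    for name, pkt in (("login", LOGIN_REQ), ("eap", EAP_REQ)):
        print(name, parse_access_request(pkt))
```

Feeding it the UDP payload of a request captured between a client router and the server router shows whether the client is sending a User-Password attribute or an EAP-Message attribute.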