catalysts + freeradius -> acs only ?

Discussion in 'Cisco' started by pilsner, Oct 9, 2006.

  1. pilsner

    pilsner Guest

    Hi

    I have problem with some catalysts eg 2948 with working with freeradius.
    Clients on w2k sp4 or wxp prof. logging (user and pass) and authenticate on
    freeradius. Freeradius tell to the catalyst that user is ok and ...nothing.
    Catalyst don't do anything. The port on catalyst is still unauthorized. I
    use freeradius-1.1.3, on w2k sp4 i use peap, mschap v2, i don't have any
    idea. Maybe there are some problems between cisco and freeradius ? maybe i
    have to use acs or ms ias ? but i would like freeradius because is for free
    ;)


    thanks
    pilsner
     
    pilsner, Oct 9, 2006
    #1
    1. Advertisements

  2. pilsner

    Guest Guest

    so the user telnets to the switch.. are they prompted for username and
    password? they enter correct details then what? any messages at all?

    check event log on the freeradius box and check shared radius key is
    correct, turn radius debuging on on the switch and console in and watch
    the messages when you try and authenticate.

    Flamer.
     
    Guest, Oct 10, 2006
    #2
    1. Advertisements

  3. pilsner

    pilsner Guest

    not exactly. Clients use 802.1x and radius to get attempt to network, they
    authenticate, freeradius send message to the switch that the user is ok and
    switch do nothing so user they haven't network. I try this on dell switch,
    poweronnect, but there was the same problem.



    thanks
    pilsner
     
    pilsner, Oct 10, 2006
    #3
  4. pilsner

    Guest Guest

    Ok but the users are trying to authenticate on the switch itself right?
    not to the domain??
    what do the logs say? do you want to post the switch config where it
    relates to aaa and radius?

    Flamer.
     
    Guest, Oct 10, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.