Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem using oobm for aaa w/radius on 6120XG

Brandon Farmer
Occasional Contributor

Problem using oobm for aaa w/radius on 6120XG

Hi there,

 

I have a number of 6120XG blade switches for which I'm attempting to configure aaa with radius for authentication.  I have these switches setup with no IP address other than the OOBM interface.  I've tried configuring aaa with radius according to the docs, but it seems like the messages are never making it to my Radius server (Windows 2008 NPS).  Here's the config I'm using:

 

radius-server host 10.7.0.70 key "secretkey" oobm

aaa authentication ssh login radius local

aaa authentication ssh enable radius local

 

I've tailed the NPS log on the Windows server and I never see the request hit the NPS server.  I see this error in the log:

 

07/30/11 04:39:13 00421 radius: Can't reach RADIUS server 10.7.0.70

 

Which the docs say is a mismatched key, but I've checked, double-checked, retyped, and checked again, and the keys match. 

 

 

Here's the full config:

 

RAD-BS1-A# sh run
Running configuration:
; 516733-B21 Configuration Editor; Created on release #Z.14.26
hostname "RAD-BS1-A"

qos dscp-map 111000 priority 7

qos dscp-map 110000 priority 6

qos dscp-map 101000 priority 5

qos dscp-map 100000 priority 4

qos dscp-map 011000 priority 3

qos dscp-map 010000 priority 2

qos dscp-map 001000 priority 1

qos dscp-map 000000 priority 0

interface 23

   disable

   lacp Active

exit

interface 24

   disable

   lacp Active

exit

interface 17

   name "RAD-6509E-2_Te5/2"

exit

ip default-gateway 10.7.3.1

vlan 1

   name "DEFAULT_VLAN" 

   untagged 17-24

   no untagged 1-16

   no ip address

   exit

vlan 2

   name "Server_VLAN"

   untagged 1-2,4-8,10-16

   tagged 3,9,17

   no ip address

   ip igmp high-priority-forward

   exit

vlan 50

   name "CSM"

   tagged 3,9,17

   no ip address

   exit

logging 10.7.0.108 oobm

logging facility local5

radius-server host 10.7.0.70 key "secretkey" oobm

timesync sntp

sntp unicast

sntp 300

sntp server priority 1 10.7.0.81 3 oobm

snmp-server community "SecretCommunity" unrestricted

aaa authentication ssh login radius local

aaa authentication ssh enable radius local

spanning-tree

spanning-tree config-name "Cisco-HP"

spanning-tree config-revision 1

spanning-tree instance 1 vlan 1 2 30 50 66 70 75 80 100-102 999

spanning-tree instance 2 vlan 20 40

oobm

   ip address 10.7.3.13 255.255.255.0

   ip default-gateway 10.7.3.1

   exit

primary-vlan 2

password manager

Thanks in advance!

3 REPLIES
apezuela
Occasional Visitor

Re: Problem using oobm for aaa w/radius on 6120XG

Hi,

 

 I have the same problem. I capturing traffic with sniffer and I am not seeing radius request.

 

Best regards,

Brandon Farmer
Occasional Contributor

Re: Problem using oobm for aaa w/radius on 6120XG

I should've responded back to this thread, but the fix seemed to be upgrading to the latest Firmware for these devices. 

 

Good luck!

apezuela
Occasional Visitor

Re: Problem using oobm for aaa w/radius on 6120XG

 What firmware version do you have?

 

Image stamp: /sw/code/build/vern(Z_14_zinfip_t4b)
Oct 13 2011 13:12:25
Z.14.29