1

We have cisco sg550xg switch where we first saw how to configure cisco via GUI, and long story short we got stuck on radius. From what we found on manuals we add a new radius client with server ip address, auth port and account port as well as well adding the RADIUS under selected methods in management access authentication. However when I try to login via telnet i got "authentication failed" and this log

Warning %AAA-W-REJECT: New telnet connection, source 192.168.75.24 destination 10.251.45.85 REJECTED

We have tested the radius server with already configured cisco 2950 and it was working fine. The IOS that we are using is tesla_hybrid_2.3.5.63.

Am I missing something? Can someone paste a working configuration?

Thank you in advance

Damjan Nikolovski
  • 43
  • 8
  • Did you configure the RADIUS **server** to allow the Cisco switch to use it for authentication? – Todd Wilcox Nov 20 '17 at 21:36
  • I have enable the radius server once but i'm not sure that i'm doing it right. From what i can see in the GUI I can enable the radius server and put the atuh and accou port, enter server key where I think i put my secret from the radius, create group and create user for that group. I can't get the logic of this. – Damjan Nikolovski Nov 20 '17 at 21:42
  • No, I mean go to the actual server that is handling the RADIUS authentication and configure that. Not on the switch. The switch should have an IP address in the RADIUS config for the RADIUS server. What device has that IP address? Have you configured that other device? – Todd Wilcox Nov 20 '17 at 21:45
  • 1
    The radius server is configured correctly, we have tested by putting the ip address of the cisco 550 on other already configured cisco 2950 and it was working fine. The ip address on the switch is put on vlan 250. – Damjan Nikolovski Nov 20 '17 at 21:51
  • What IOS are you running on the SG 550? – Todd Wilcox Nov 20 '17 at 21:52
  • 1
    tesla hybrid 2.3.5.63. – Damjan Nikolovski Nov 20 '17 at 21:54
  • I don't know that OS so I'll have to let someone else try to help. You might edit your question to include the fact that you tested the server itself and indicate the OS you are running. If you can get a copy of the config you currently have and clean out any sensitive information and add that to your question, it could only help. – Todd Wilcox Nov 20 '17 at 22:01
  • Yes, I will do that. Thank you anyway, I appreciate your effort. – Damjan Nikolovski Nov 20 '17 at 22:11

0 Answers0