Tuesday, February 11, 2020

"Cisco" SG300 and RADIUS do not want to cooperate

Dear /r/networking,

I am trying to set up RADIUS authentication on a Cisco SG300 switch with Windows 2012 NPS. I've checked (also using packet capture) that NPS is sending Access-Accept with the vendor-specific attribute set to shell:priv-lvl:15, but when I try connecting via ssh or http I can't log in and I get %AAA-W-REJECT entries in the switch logs.

Any ideas?

Relevant configuration is pretty basic:

encrypted radius-server key <encrypted>
radius-server host <nps ip addr> priority 1
ip http authentication aaa login-authentication http radius local
aaa authentication login authorization SSH radius local
aaa authentication enable authorization SSH radius enable
line ssh
 login authentication SSH
 enable authentication SSH

