Hi there,
I have a number of 6120XG blade switches for which I'm attempting to configure aaa with radius for authentication. I have these switches setup with no IP address other than the OOBM interface. I've tried configuring aaa with radius according to the docs, but it seems like the messages are never making it to my Radius server (Windows 2008 NPS). Here's the config I'm using:
radius-server host 10.7.0.70 key "secretkey" oobm
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
I've tailed the NPS log on the Windows server and I never see the request hit the NPS server. I see this error in the log:
07/30/11 04:39:13 00421 radius: Can't reach RADIUS server 10.7.0.70
Which the docs say is a mismatched key, but I've checked, double-checked, retyped, and checked again, and the keys match.
Here's the full config:
RAD-BS1-A# sh run
Running configuration:
; 516733-B21 Configuration Editor; Created on release #Z.14.26
hostname "RAD-BS1-A"
qos dscp-map 111000 priority 7
qos dscp-map 110000 priority 6
qos dscp-map 101000 priority 5
qos dscp-map 100000 priority 4
qos dscp-map 011000 priority 3
qos dscp-map 010000 priority 2
qos dscp-map 001000 priority 1
qos dscp-map 000000 priority 0
interface 23
disable
lacp Active
exit
interface 24
disable
lacp Active
exit
interface 17
name "RAD-6509E-2_Te5/2"
exit
ip default-gateway 10.7.3.1
vlan 1
name "DEFAULT_VLAN"
untagged 17-24
no untagged 1-16
no ip address
exit
vlan 2
name "Server_VLAN"
untagged 1-2,4-8,10-16
tagged 3,9,17
no ip address
ip igmp high-priority-forward
exit
vlan 50
name "CSM"
tagged 3,9,17
no ip address
exit
logging 10.7.0.108 oobm
logging facility local5
radius-server host 10.7.0.70 key "secretkey" oobm
timesync sntp
sntp unicast
sntp 300
sntp server priority 1 10.7.0.81 3 oobm
snmp-server community "SecretCommunity" unrestricted
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
spanning-tree
spanning-tree config-name "Cisco-HP"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 1 2 30 50 66 70 75 80 100-102 999
spanning-tree instance 2 vlan 20 40
oobm
ip address 10.7.3.13 255.255.255.0
ip default-gateway 10.7.3.1
exit
primary-vlan 2
password manager
Thanks in advance!
#6120xg#oobm#aaa#Radius