[c-nsp] radius authentication on cat5000
Maxim Tuliuk
mt at primats.org.ua
Thu Jul 7 06:38:46 EDT 2005
I try to use same radius-server for catalyst 5000 and 3550, but it doesn's
work for 5000
catalyst 5000:
tcpdump:
10.49.0.16.1049 > 10.49.0.5.1812: rad-access-req 54 [id 12] Attr[ NAS_ipaddr{10.49.0.16} NAS_port_type{Async} User{mt} Pass ]
10.49.0.5.1812 > 10.49.0.16.1049: rad-access-reject 20 [id 12]
...
sh run:
set radius server 10.49.0.5 auth-port 1812 acct-port 1813 primary
set radius key secret
set authentication login radius enable telnet primary
...
radacct log:
Packet-Type = Access-Request
NAS-IP-Address = 10.49.0.16
NAS-Port-Type = Async
User-Name = "mt"
User-Password = "\204N \007\335\262\213\207m\237[y\251\0368\235"
Client-IP-Address = 10.49.0.16
however in that time it works for catalyst 3550:
tcpdump:
10.49.0.10.1645 > 10.49.0.5.1812: rad-access-req 75 [id 210] Attr[ NAS_ipaddr{10.49.0.10} NAS_port{1} NAS_port_type{Virtual} User{mt} [|radius]
10.49.0.5.1812 > 10.49.0.10.1645: rad-access-accept 20 [id 210]
...
sh run:
aaa new-model
aaa authentication login default group radius local line
adius-server host 10.49.0.5 auth-port 1812 acct-port 1813 timeout 10
radius-server source-ports 1645-1646
radius-server key 7 ...
...
radacct log:
Packet-Type = Access-Request
NAS-IP-Address = 10.49.0.12
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "mt"
Calling-Station-Id = "..."
User-Password = "password in plain text"
Client-IP-Address = 10.49.0.12
I look at log that catalyst 5000 sends password in incorrect format (or
radius server doesn't understand auth-packet from catalyst):
5000: User-Password = "\204N \007\335\262\213\207m\237[y\251\0368\235"
3550: User-Password = "password in plain text"
catos: 5.5(20)
radiusd: FreeRADIUS Version 1.0.4, for host , built on Jun 29 2005 at 12:14:51
Copyright (C) 2000-2003 The FreeRADIUS server project.
How can I fix that?
--
Maxim Tuliuk
WWW: http://primats.org.ua/~mt/
ICQ: 21134222
The bike is absolute freedom of moving
More information about the cisco-nsp
mailing list