Showing results for 
Search instead for 
Do you mean 
Reply
wothers
Posts: 1
Registered: ‎10-14-2008

Setting up Radius authentication

I have a Linksys SRW2008 switch and I want to set it up to use Radius authentication. 

I have tried setting RADIUS/local in the Admin tab on the web page

I have configured the RADIUS server in the Security tab.  Our server uses port 1645 for auth and I have entered the Key string and the source IP address is (I presume) the address of the switch itself.  Usage type is Login.

Our RADIUS server is Win2KSP4.

I've set up a client friendly name on my radius server pointing to the IP address.

All our Cisco switches are working using the remote access policy in place.

I have even created another Policy with Service-Type=Administrative in the Edit Profile\Advanced tab after reading a suggestion on the internet.

It just ain't working.

From Telnet it just takes me straight to the Login Screen where I enter the local username and password for the switch.

It should take me to a Radius logon first.

I have also read something on the internet that indicates that although RADIUS is available in the Linksys web screens, it doesn't actually work.

Is this the case?  It gives quite detailed "help" in the RADIUS page and Admin page so I'd hate to think it didn't actually work.

Am I missing something obvious?

I hope somebody can help me.  I have tried following the tech support route on this web site but it lead nowhere and the SRW2008 is not supported in their Live Chat.  I have also searched this forum but can't find quite this problem.

 

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Setting up Radius authentication

I use freeradius with a srw2008 for 802.1x authentication. It works. It should also work for logins although after a quick test it failed: although the radius server authenticated the login attempt the switch refused the login anyway. I guess it is necessary to set the privilege level in the radius answer but currently I don't know which attribute the switch uses.

For login, there won't be a separate RADIUS login. By setting it to RADIUS,local you only add the radius servers for user authentication. If will first try the RADIUS server and afterwards the local database (which did not work during my test either...). But just like on the Cisco there won't be a separate "Radius login". You see the exact same login screen as always and enter the credentials which are then passed to the radius server for authentication.

For troubleshooting you should check the logs for the radius server. Does it have some debugging options? Otherwise you could also try to install a packet sniffer like wireshark to capture the packets sent and received. Maybe that can show what is going on.