Can't log in using AAA RADIUS to an ICX 7450-24. It displays this error when I enter credentials and press Return/Enter: access denied by radius server. What should I set on the RADIUS server to get AAA authentication working, please?
Yes, but mine is on an older server version... I looked at some screenshots, and they look the same, so I suspect this may work. Your Mileage May Vary.
Also, if you use this for other stuff, no promises the Network Policies won't potentially break other connection requests depending upon the processing order, etc.
I am looking at an old 2012 r2 box that was decommissioned that I had this working on...
Under NPS > Policies > Connection Request Profiles
I created a policy called "ICX Request Policy"
Policy State -> Policy Enabled CHECKED
Type of network access server -> Unspecified
Conditions Tab:
  Client Vendor -> RADIUS Standard
Settings Tab:
  Authentication Methods -> ALL unchecked
  Authentication -> Authenticate requests on this server
Everything else is blank
Under NPS > Policies > Network Policies I created one named "ICX Admin Level"
Policy State -> Policy Enabled CHECKED
Overview Tab:
  Access Permission -> Grant access SELECTED
  Type of network access server -> Unspecified
Conditions Tab:
  Conditions: Windows Groups
  Value: YOURDOMAIN\Network Admins (or whatever group you want)
Constraints Tab:
  Authentication Methods:
    EAP Types -> [Blank]
    Less secure authentication methods:
      Microsoft Encrypted Authentication Version 2 (MS-CHAP-v2) CHECKED
      Microsoft Encrypted Authentication (MS-CHAP) CHECKED
      Unencrypted authentication (PAP, SPAP) CHECKED
Settings Tab:
  Standard -> Framed-Protocol PPP (the attribute number is 7, and it is listed under commonly used for Dial-Up or VPN)
  Standard -> Framed (attribute is 6, and it is listed under commonly used for dial-up VPN)
  Vendor Specific -> Vendor: Vendor Code 1991 Value: 0
    On the Add/Edit button:
      Enter Vendor Code SELECTED 1991
      Yes, It conforms SELECTED
      then click the Change Attribute button
    This opens Configure VSA (RFC Compliant):
      Vendor-assigned attribute number: 1
      Attribute format: Decimal
      Attribute value: 0
  NPS Enforcement: Allow full network access
  Encryption: ALL are checked
Create a NEW RADIUS client for your switches. Technically you can even use a subnet if you wish, but for now just use an IP (or DNS).
I like to generate a key because they are nice and complex like Wtws5JjQMsf8tnd^fO6oR82zEVl#4MCJYB&kQsuKS2FFg!IO@OWu7CyevweUVvQe
At any rate, make sure the client is enabled and that it is set to RADIUS Standard on the other tab.
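Added example (not part of the posts in this thread, and not vendor or Microsoft code): how the three return attributes from the network policy above are laid out on the wire under RFC 2865, with a checker for the attribute bytes of an Access-Accept taken from a packet capture. The function names and the sample bytes are constructed for illustration; RFC 2865 names attribute 6 Service-Type, with Framed = 2 and PPP = 1 for Framed-Protocol.

```python
import struct

VENDOR_SPECIFIC = 26          # RFC 2865 attribute type that carries VSAs
# Values the post sets on the network policy's Settings tab
EXPECTED = {
    ("std", 6): 2,            # attribute 6 (Service-Type) = Framed
    ("std", 7): 1,            # attribute 7 (Framed-Protocol) = PPP
    (1991, 1): 0,             # vendor code 1991, vendor attribute 1, decimal 0
}

def encode_int_attr(attr_type, value):
    """Standard integer attribute: type, length (6), 32-bit value."""
    return struct.pack("!BBI", attr_type, 6, value)

def encode_int_vsa(vendor_id, vendor_type, value):
    """RFC-compliant VSA: 26, length, vendor-id, then vendor type/length/value."""
    sub = struct.pack("!BBI", vendor_type, 6, value)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def parse_attributes(data):
    """Return {(namespace, type): int} for every 4-byte-valued attribute."""
    found, i = {}, 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[i], data[i + 1]
        if a_len < 2 or i + a_len > len(data):
            raise ValueError("bad attribute length")
        body = data[i + 2:i + a_len]
        if a_type == VENDOR_SPECIFIC and len(body) >= 6:
            vendor_id = struct.unpack("!I", body[:4])[0]
            v_type, v_len = body[4], body[5]
            if v_len == 6 and v_len == len(body) - 4:   # one integer sub-attribute
                found[(vendor_id, v_type)] = struct.unpack("!I", body[6:10])[0]
        elif len(body) == 4:
            found[("std", a_type)] = struct.unpack("!I", body)[0]
        i += a_len
    return found

def missing_from_accept(data):
    """Expected attributes that are absent or carry a different value."""
    found = parse_attributes(data)
    return sorted(str(k) for k, v in EXPECTED.items() if found.get(k) != v)

# Constructed sample: the attribute section of an Access-Accept
SAMPLE = encode_int_attr(6, 2) + encode_int_attr(7, 1) + encode_int_vsa(1991, 1, 0)
```

An empty list from `missing_from_accept` means the accept carries everything the policy was configured to return; any entry names the attribute to recheck on the Settings tab.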
Hi, I have my Windows server configured exactly as it is shown in your post. Whereas before I could not get any error message from the server, now I have one: 'The connection request did not match any configured network policy. reason code 49.' I've already reviewed the network policy in many ways, but the same error message appears.