12 Replies. Latest reply: Jan 26, 2015 6:49 AM by Artem

    RADIUS login authentication on Catalyst 4500

    Kenny Taylor

      I am trying to set up login authentication using RADIUS on a Catalyst 4500 SUP V-10GE.  The RADIUS server is on a Windows 2008 box and works great with my spare 1841 router.  The switch is having issues, though, and I'm not entirely sure how to troubleshoot it.  When I do a logon attempt, the output of the "debug radius authentication" command shows the following:


      14w6d: RADIUS:  Vendor, Cisco       [26]  25
      14w6d: RADIUS:   Cisco AVpair       [1]   19  "Shell:priv-lvl=15"
      14w6d: RADIUS: saved authorization data for user 1963D448 at 1964A340
      14w6d: RADIUS: cisco AVPair "Shell:priv-lvl=15" not applied for shell
      14w6d: RADIUS: no appropriate authorization type for user.

      Communication from the RADIUS server to the switch seems ok, because it received my AV pair:  "Shell:priv-lvl=15".  But it appears that the switch is rejecting that AV pair.  My config contains:


      aaa authentication login default group radius local
      aaa authentication enable default group radius local
      aaa authorization exec default group radius local
      radius-server host auth-port 1812 acct-port 1813 key supersecretbatmancode


      Any suggestions on how I can troubleshoot that further?  Thanks!
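
The attribute shown in the debug output above, rebuilt and decoded byte by byte as an added example (not part of the original post): it checks that the `[26] 25` and `[1] 19` lengths are what a well-formed Cisco vendor-specific attribute carrying "Shell:priv-lvl=15" has on the wire. The function names are hypothetical and the sample bytes are constructed from the debug lines, not captured from the poster's network.

```python
import re
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type, RFC 2865 section 5.26
CISCO_VENDOR_ID = 9    # IANA enterprise number for Cisco
CISCO_AVPAIR = 1       # Cisco vendor sub-type: "protocol:attribute=value"

def encode_cisco_avpair(value: str) -> bytes:
    """Build the Vendor-Specific attribute a RADIUS server sends for one AV pair."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub

def decode_vsa(attr: bytes):
    """Return (vendor_id, [(sub_type, sub_len, text), ...]); reject bad lengths."""
    if len(attr) < 6:
        raise ValueError("attribute shorter than VSA header")
    a_type, a_len, vendor = struct.unpack("!BBI", attr[:6])
    if a_type != VENDOR_SPECIFIC or a_len != len(attr):
        raise ValueError("not a Vendor-Specific attribute or length mismatch")
    subs, pos = [], 6
    while pos < a_len:
        if pos + 2 > a_len:
            raise ValueError("truncated sub-attribute header")
        s_type, s_len = attr[pos], attr[pos + 1]
        if s_len < 2 or pos + s_len > a_len:
            raise ValueError("sub-attribute length overruns attribute")
        subs.append((s_type, s_len, attr[pos + 2:pos + s_len].decode("ascii")))
        pos += s_len
    return vendor, subs

def split_avpair(text: str):
    """Split a Cisco AV pair; '=' marks it mandatory, '*' optional."""
    m = re.fullmatch(r"([^:]+):([^=*]+)([=*])(.*)", text)
    if not m:
        raise ValueError("not in protocol:attribute=value form")
    return m.groups()

# Constructed sample: the AV pair string exactly as it appears in the debug output.
SAMPLE = encode_cisco_avpair("Shell:priv-lvl=15")

if __name__ == "__main__":
    vendor, subs = decode_vsa(SAMPLE)
    print("outer length:", SAMPLE[1], "vendor:", vendor)
    for s_type, s_len, text in subs:
        print("sub-type", s_type, "length", s_len, split_avpair(text))
```

The decoded lengths match the debug lines, so the attribute's encoding is well-formed. The rejection in the post therefore concerns how the switch interprets the value or its authorization context, not the packet format.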