G3 Switch If SACL's are configured it is not possible to login to switch with radius account
‎01-20-2016 08:35 AM
If SACLs are configured it is not possible to log in to the switch with a RADIUS account.
If you configure a SACL that contains a service, it is NOT possible to log in to the switch with your RADIUS users anymore; only local users like "admin" are able to log in.
Firmware on this G3 is: 06.61.15.0003
Radius login credentials are on the NAC Gateways.
8 REPLIES
‎01-21-2016 07:48 AM
You've only allowed "service snmp" and not all traffic from this source as per your config.
‎01-21-2016 07:48 AM
Oh my god, yes, that's it!
‎01-21-2016 07:41 AM
10.1.1.250 and 10.2.1.250 in this case are the IP addresses of the NAC gateway. If I understood it correctly, my config will allow all the traffic from 10.1.1.250 and 10.2.1.250, right?
‎01-21-2016 07:32 AM
Yes, you need to either allow everything from the NAC Gateway or also allow RADIUS (port 1812) from the NAC Gateways.
try adding this:
set system service-acl sacl permit ip-source port 1812
try adding this:
set system service-acl sacl permit ip-source
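
The failure discussed in this thread, as an added example that is not part of any post and not the switch's own logic: a simplified model of a service ACL that checks whether every RADIUS server still has a rule covering port 1812. The rule model, the implicit deny once rules exist, the `SERVICE_PORTS` mapping and all function names are assumptions; the rule sets are constructed, and only the two gateway addresses come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical service-name mapping, used only by this model.
SERVICE_PORTS = {"snmp": 161, "ssh": 22, "telnet": 23}
RADIUS_AUTH_PORT = 1812

@dataclass(frozen=True)
class Rule:
    """One permit rule. The model ignores protocol and direction."""
    ip_source: str
    service: Optional[str] = None  # e.g. "snmp"; None = not limited to a service
    port: Optional[int] = None     # e.g. 1812; None = not limited to a port

    def permits(self, src: str, port: int) -> bool:
        if src != self.ip_source:
            return False
        if self.service is not None and SERVICE_PORTS.get(self.service) != port:
            return False
        if self.port is not None and self.port != port:
            return False
        return True

def permitted(rules, src, port):
    # Assumption: with no rules nothing is filtered; once any rule exists,
    # traffic matching no permit rule is dropped.
    if not rules:
        return True
    return any(r.permits(src, port) for r in rules)

def radius_gaps(rules, radius_servers):
    """Return the RADIUS servers whose port-1812 traffic no rule permits."""
    return [s for s in radius_servers if not permitted(rules, s, RADIUS_AUTH_PORT)]

NAC_GATEWAYS = ["10.1.1.250", "10.2.1.250"]  # addresses named in the thread

# Constructed "before": each gateway is permitted for SNMP only.
before = [Rule(ip, service="snmp") for ip in NAC_GATEWAYS]
# Option 1 from the reply: additionally permit port 1812 per gateway.
fix_port = before + [Rule(ip, port=RADIUS_AUTH_PORT) for ip in NAC_GATEWAYS]
# Option 2 from the reply: permit everything from each gateway.
fix_all = [Rule(ip) for ip in NAC_GATEWAYS]

if __name__ == "__main__":
    for name, acl in [("before", before), ("fix_port", fix_port), ("fix_all", fix_all)]:
        print(name, "-> RADIUS blocked for:", radius_gaps(acl, NAC_GATEWAYS) or "none")
```

Running `radius_gaps` against a planned rule set before applying it shows whether RADIUS logins would be cut off, leaving only local accounts.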
