Aruba & ProVision-based
1747988 Members
4866 Online
108756 Solutions
New Discussion

Configuring Radius on Procurve 2610-48-PWR

 
Karima1
Occasional Contributor

Configuring Radius on Procurve 2610-48-PWR

Hi,

Radius access for procurve 2610-48-PWR doesn't work. I have this configuration :

radius-server host 10.172.1.135 acct-port 1813 key "XXXXXXXXXXXXXXXXXXXXX"
radius-server host 10.172.1.136 acct-port 1813 key "XXXXXXXXXXXXXXXXXXXXX"
radius-server key "XXXXXXXXXXXXXXXXXXXXX"

aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode
ip ssh

When I try sh radius authentication, I got this information :

UDP
Server IP Addr Port Timeouts Requests Challenges Accepts Rejects
--------------- ----- ---------- ---------- ---------- ---------- ----------
10.172.1.135       1812      0              6          0                    0        6
10.172.1.136       1812      0              0          0                   0         0

The key and login are correct, any idea why it doesn't work?

Thank You

1 REPLY 1
Emil_G
HPE Pro

Re: Configuring Radius on Procurve 2610-48-PWR

Hello, 

The output of the command show radius authentication is showing us that the switch sent 6 RADIUS access-request packets to the RADIUS server 10.172.1.135. The switch also received 6 RADIUS access-reject packets from this RADIUS server.  This means that the RADIUS configuration on the switch is working because the switch can establish RADIUS communication with the RADIUS server. It is the RADIUS server that decides to reject the request.

I think you should check the logs on the RADIUS server in order to determine what is the reason for this rejects. Usually every RADIUS server should have diagnostic tools providing information about the rejects which is useful for troubleshooting. Since the RADIUS server returns immediately an Access-Reject I suspect that it may be something basic. For example I would check if the switch is configured as a RADIUS client ( or NAS) on the RADIUS server and if the key you configured on the switch is also configured on the RADIUS server. Another thing is to check if the RADIUS server has a suitable RADIUS policy or service which can handle your request.

kind regard

I am an HPE employee

Accept or Kudo