Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Not able to login through console, when no radius server is available - 2530 (j9773a)

 
Lars Voss
Occasional Contributor

Not able to login through console, when no radius server is available - 2530 (j9773a)

I've just recivede a bunch of 2530, and I'm now making them ready for production.

 

But as mentioned above, I'm not able to login through the console there's no radius server available.

 

The config looks like this:

 

; J9779A Configuration Editor; Created on release #YB.15.13.0005
; Ver #05:08.63.ff.37.27:81
hostname "HP-2530-24-PoEP"
radius-server host xxxx key "xxxxxxxxxx"
timesync sntp
sntp unicast
sntp server priority 1 yyy
time daylight-time-rule western-europe
time timezone 60
ip ssh
snmp-server community "public" unrestricted
aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
vlan 1
name "DEFAULT_VLAN"
untagged 1-28
ip address dhcp-bootp
exit
no tftp server
no dhcp config-file-update
password manager

 

Show authentication gives this:

 

 

HP-2530-24-PoEP(config)# sh authen

Status and Counters - Authentication Information

Login Attempts : 3
Lockout Delay : 0
Respect Privilege : Enabled

| Login Login Login
Access Task | Primary Server Group Secondary
----------- + ---------- ------------ ----------
Console | Radius radius Local
Telnet | Radius radius Local
Port-Access | Local None
Webui | Local None
SSH | Radius radius Local
Web-Auth | ChapRadius radius None
MAC-Auth | ChapRadius radius None
SNMP | Local None

| Enable Enable Enable
Access Task | Primary Server Group Secondary
----------- + ---------- ------------ ----------
Console | Radius radius Local
Telnet | Radius radius Local
Webui | Local None
SSH | Radius radius Local

 

I have set the password and usernamer for manager

 

Any ideas ?

 

Thanks.

 

/Lars

 

 

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based . -HP Forum Moderator

4 REPLIES 4
Chrisd131313
Trusted Contributor

Re: Not able to login through console, when no radius server is available - 2530 (j9773a)

Hi Lars,

 

When you say no RADIUS server is available is it that you shutdown the RADIUS server, or just remove the rule for allowing the switches to authenticate? If the RADIUS server can still respond to RADIUS requests then it is deemed to be available. If you shut down the RADIUS server or disable the RADIUS service you should then find that the fallback to local authentication works.

 

HTH

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
dkawka
Occasional Visitor

Re: Not able to login through console, when no radius server is available - 2530 (j9773a)

I have the same problem. The Switch has no network connection and the fallback to local auth did not work.

My config looks like this:

 

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

 

I cannot login to the console with local user.

 

Please Help! I have this problem on anny newer firmware for all procurve switchs (5400zl, 8200zl, etc.)

dkawka
Occasional Visitor

Re: Not able to login through console, when no radius server is available - 2530 (j9773a)

 Problem here. Switch with no network and fallback to local did not work. 2530-48g, 5400zl and 8200zl.

local user with password are there.

Michael Patmon
Trusted Contributor

Re: Not able to login through console, when no radius server is available - 2530 (j9773a)

Hello.  There was a bug where if the Radius source IP address was null it would not do local auth.  This was fixed in YB.15.13.0008/YB.15.14.0007/YB.15.15.0007 and newer.  Other platforms were fixed as well, check the release notes if you need a specific version or download a newer one from the web. 

There are a couple of workarounds:

  1. Statically configure the Radius source IP: (config)# ip source-interface radius 10.1.1.1
  2. Have a VLAN with an IP address that is "up".  In other words, a valid source IP interface for the Radius request.