- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- 3Com 4500 fails Radius logins
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2013 04:19 AM
12-11-2013 04:19 AM
3Com 4500 fails Radius logins
Hi
I'm testing the Radius authentication on a 4500G switch and I need a little help here.
The Radius server is a Microsoft NPS, who already authenticates wifi access with wx1200 clients.
After enabled dot1x on the switch, the management login is authenticated on the Radius, so I created a user on AD.
When I login on the switch with that user, I have (on the Radius side) Connect Request:IAS_SUCCESS - the user is validated on AD.
However, on the switch side I have this:
2000 4500G %%10SHELL/4/LOGOUT(t): Trap 1.3.6.1.4.1.43.45.1.10.2.2.1.1.3.0.2<h3cLogOut>:netadmin logout from VTY
2000 4500G %%10SHELL/4/LOGINAUTHFAIL(t): Trap 1.3.6.1.4.1.43.45.1.10.2.2.1.1.3.0.3<h3cLogInAuthenFailure>:netadmin failed to login from VTY, reason is 2
2000 4500G %%10SHELL/4/LOGINFAIL(l): TELNET user netadmin failed to login from X.X.X.X on VTY1.
(part of) current config of the switch:
----------------
version 3Com OS V5.02.00s168p20,
dot1x authentication-method eap
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
radius scheme my_domain
server-type extended
primary authentication A.B.C.D
primary accounting A.B.C.D
secondary authentication 127.0.0.1 1645
secondary accounting 127.0.0.1 1646
key authentication secret
key accounting secret
domain my_domain
authentication default radius-scheme my_domain
authorization default radius-scheme my_domain
accounting default radius-scheme my_domain
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
local-user admin
password simple XXX
authorization-attribute level 3
service-type telnet terminal
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
----------------
On the Radius side I have a network policy to grant access on the conditions:
Windows Group -> Group with the user
NAS Port Type -> Virtual(VPN)
Authentication Type -> EAP or PAP (actually...other than PAP gives a IAS_INVALID_AUTH_TYPE)
Conditions:
Authentication Methods->PEAP and PAP,SPAP
Settings:
Radius Attributes-Standard-> Service Type=Administrative
Other settings are default.
What is missing to 4500G to accept the Radius IAS_SUCCESS and the user just validated ?
Thanks